mirror of
https://github.com/pacnpal/thrillwiki_django_no_react.git
synced 2025-12-20 15:11:09 -05:00
d504d41de2
- Add complete backend/ directory with full Django application - Add frontend/ directory with Vite + TypeScript setup ready for Next.js - Add comprehensive shared/ directory with: - Complete documentation and memory-bank archives - Media files and avatars (letters, park/ride images) - Deployment scripts and automation tools - Shared types and utilities - Add architecture/ directory with migration guides - Configure pnpm workspace for monorepo development - Update .gitignore to exclude .django_tailwind_cli/ build artifacts - Preserve all historical documentation in shared/docs/memory-bank/ - Set up proper structure for full-stack development with shared resources
103 lines
2.7 KiB
Desktop File
103 lines
2.7 KiB
Desktop File
[Unit]
|
|
Description=ThrillWiki Complete Deployment Automation Service
|
|
Documentation=man:thrillwiki-deployment(8)
|
|
After=network.target network-online.target
|
|
Wants=network-online.target
|
|
Before=thrillwiki-smart-deploy.timer
|
|
PartOf=thrillwiki-smart-deploy.timer
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=thrillwiki
|
|
Group=thrillwiki
|
|
[AWS-SECRET-REMOVED]wiki
|
|
[AWS-SECRET-REMOVED]ripts/vm/deploy-automation.sh
|
|
ExecStop=/bin/kill -TERM $MAINPID
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
Restart=always
|
|
RestartSec=30
|
|
KillMode=mixed
|
|
KillSignal=SIGTERM
|
|
TimeoutStopSec=120
|
|
TimeoutStartSec=180
|
|
StartLimitIntervalSec=600
|
|
StartLimitBurst=3
|
|
|
|
# Environment variables - Load from file for security and preset integration
|
|
EnvironmentFile=-[AWS-SECRET-REMOVED]emd/thrillwiki-deployment***REMOVED***
|
|
Environment=PROJECT_DIR=/home/thrillwiki/thrillwiki
|
|
Environment=SERVICE_NAME=thrillwiki-deployment
|
|
Environment=GITHUB_REPO=origin
|
|
Environment=GITHUB_BRANCH=main
|
|
Environment=DEPLOYMENT_MODE=automated
|
|
Environment=LOG_DIR=/home/thrillwiki/thrillwiki/logs
|
|
Environment=MAX_LOG_SIZE=10485760
|
|
Environment=SERVER_HOST=0.0.0.0
|
|
Environment=SERVER_PORT=8000
|
|
Environment=PATH=/home/thrillwiki/.local/bin:/home/thrillwiki/.cargo/bin:/usr/local/bin:/usr/bin:/bin
|
|
[AWS-SECRET-REMOVED]thrillwiki
|
|
|
|
# Security settings - Enhanced hardening for deployment automation
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
ProtectKernelTunables=true
|
|
ProtectKernelModules=true
|
|
ProtectControlGroups=true
|
|
RestrictSUIDSGID=true
|
|
RestrictRealtime=true
|
|
RestrictNamespaces=true
|
|
LockPersonality=true
|
|
MemoryDenyWriteExecute=false
|
|
RemoveIPC=true
|
|
|
|
# File system permissions - Allow access to necessary directories
|
|
[AWS-SECRET-REMOVED]ki
|
|
[AWS-SECRET-REMOVED]ki/logs
|
|
[AWS-SECRET-REMOVED]ki/media
|
|
[AWS-SECRET-REMOVED]ki/staticfiles
|
|
[AWS-SECRET-REMOVED]ki/uploads
|
|
ReadWritePaths=/home/thrillwiki/.cache
|
|
ReadWritePaths=/tmp
|
|
ReadOnlyPaths=/home/thrillwiki/.github-pat
|
|
ReadOnlyPaths=/home/thrillwiki/.ssh
|
|
ReadOnlyPaths=/home/thrillwiki/.local
|
|
|
|
# Resource limits - Appropriate for deployment automation
|
|
LimitNOFILE=65536
|
|
LimitNPROC=2048
|
|
MemoryMax=1G
|
|
CPUQuota=75%
|
|
TasksMax=512
|
|
|
|
# Timeouts and watchdog
|
|
WatchdogSec=600
|
|
RuntimeMaxSec=0
|
|
|
|
# Logging configuration
|
|
StandardOutput=journal
|
|
StandardError=journal
|
|
SyslogIdentifier=thrillwiki-deployment
|
|
SyslogFacility=daemon
|
|
SyslogLevel=info
|
|
SyslogLevelPrefix=true
|
|
|
|
# Enhanced logging for debugging
|
|
LogsDirectory=thrillwiki-deployment
|
|
LogsDirectoryMode=0755
|
|
StateDirectory=thrillwiki-deployment
|
|
StateDirectoryMode=0755
|
|
RuntimeDirectory=thrillwiki-deployment
|
|
RuntimeDirectoryMode=0755
|
|
|
|
# Capabilities - Minimal required capabilities
|
|
CapabilityBoundingSet=
|
|
AmbientCapabilities=
|
|
PrivateDevices=true
|
|
ProtectClock=true
|
|
ProtectHostname=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
Also=thrillwiki-smart-deploy.timer |