feat: add minimal Debian image build system with WireGuard-only networking
Add complete build infrastructure for football secure access system: - Minimal Debian base with only IceWM and Remmina - WireGuard-only networking with strict firewall (eth0 allows only WireGuard) - All network traffic routed through mandatory VPN tunnel - Secure Boot enforced for physical deployments - Zero remote access - SSH, telnet disabled and blocked - AppArmor, auditd, and fail2ban for security hardening Build system generates both VM (qcow2) and physical (raw) images. WireGuard endpoint IP and port configurable via build script variables. Includes: - Package list with minimal dependencies - System hardening scripts - WireGuard client and server configuration tools - Comprehensive documentation (README.md, QUICKSTART.md) - systemd services for firewall enforcement - User environment with automatic IceWM startup 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
This commit is contained in:
Charles N Wyble
27
chroot-overlay/home/user/.icewm/preferences
Normal file
27
chroot-overlay/home/user/.icewm/preferences
Normal file
@@ -0,0 +1,27 @@
|
||||
# IceWM configuration for football system
|
||||
|
||||
# Window placement
|
||||
TaskBarShowClock=1
|
||||
TaskBarShowStartMenu=1
|
||||
TaskBarShowWindowListMenu=1
|
||||
TaskBarShowWorkspaces=0
|
||||
TaskBarShowWindows=0
|
||||
|
||||
# Auto-start Remmina
|
||||
StartupCommand="remmina"
|
||||
|
||||
# No desktop icons (clean interface)
|
||||
DesktopBackgroundCenter=1
|
||||
DesktopBackgroundColor="rgb:00/33/66"
|
||||
|
||||
# Security - minimize features
|
||||
ShowLoginStatus=0
|
||||
ShowLogoutMenu=1
|
||||
ShowSettingsMenu=0
|
||||
ShowHelpMenu=0
|
||||
ShowRunProgram=0
|
||||
|
||||
# Remmina should be main focus
|
||||
ClickToFocus=1
|
||||
FocusOnAppRaise=1
|
||||
RaiseOnFocus=1
|
||||
Reference in New Issue
Block a user