feat: add minimal Debian image build system with WireGuard-only networking
Add complete build infrastructure for football secure access system:

- Minimal Debian base with only IceWM and Remmina
- WireGuard-only networking with strict firewall (eth0 allows only WireGuard)
- All network traffic routed through mandatory VPN tunnel
- Secure Boot enforced for physical deployments
- Zero remote access - SSH, telnet disabled and blocked
- AppArmor, auditd, and fail2ban for security hardening

Build system generates both VM (qcow2) and physical (raw) images.
WireGuard endpoint IP and port configurable via build script variables.

Includes:

- Package list with minimal dependencies
- System hardening scripts
- WireGuard client and server configuration tools
- Comprehensive documentation (README.md, QUICKSTART.md)
- systemd services for firewall enforcement
- User environment with automatic IceWM startup

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
73
config/packages.list
Normal file
@@ -0,0 +1,73 @@
|
||||
# Minimal packages for football secure access system
|
||||
# Base system
|
||||
linux-image-amd64
|
||||
firmware-linux
|
||||
firmware-linux-nonfree
|
||||
grub2-common
|
||||
grub-pc-bin
|
||||
grub-efi-amd64-bin
|
||||
grub-efi-ia32-bin
|
||||
shim-signed
|
||||
initramfs-tools
|
||||
sudo
|
||||
locales
|
||||
keyboard-configuration
|
||||
console-setup
|
||||
|
||||
# Network (client only, no server capabilities)
|
||||
networkmanager
|
||||
iproute2
|
||||
iputils-ping
|
||||
isc-dhcp-client
|
||||
wireguard
|
||||
wireguard-tools
|
||||
iptables-persistent
|
||||
|
||||
# Hardware support
|
||||
xserver-xorg
|
||||
xserver-xorg-input-libinput
|
||||
x11-xserver-utils
|
||||
xterm
|
||||
xinit
|
||||
|
||||
# Display manager (minimal - no remote access)
|
||||
xserver-xorg-video-intel
|
||||
xserver-xorg-video-amdgpu
|
||||
xserver-xorg-video-nouveau
|
||||
xserver-xorg-video-ati
|
||||
|
||||
# Window manager - IceWM
|
||||
icewm
|
||||
icewm-themes
|
||||
|
||||
# Remote desktop client - Remmina
|
||||
remmina
|
||||
remmina-plugin-rdp
|
||||
remmina-plugin-vnc
|
||||
|
||||
# Basic utilities
|
||||
vim-tiny
|
||||
less
|
||||
psmisc
|
||||
procps
|
||||
coreutils
|
||||
grep
|
||||
sed
|
||||
gawk
|
||||
tar
|
||||
gzip
|
||||
bzip2
|
||||
xz-utils
|
||||
curl
|
||||
wget
|
||||
|
||||
# Secure boot and boot tools
|
||||
efibootmgr
|
||||
mokutil
|
||||
efivar
|
||||
|
||||
# Security hardening
|
||||
fail2ban
|
||||
apparmor
|
||||
apparmor-utils
|
||||
auditd
|
||||
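Review bot: `networkmanager` under `# Network` is not a Debian package name; the package is `network-manager`, so an install driven by this list will fail at that entry. Several entries also work against the "minimal" and "zero remote access" goals stated in the commit message and should be justified or dropped: `curl` and `wget` give the locked-down client general-purpose download tools, `fail2ban` has no login service to watch if SSH and telnet are disabled, and `isc-dhcp-client` duplicates the DHCP client NetworkManager already carries. `firmware-linux` and `firmware-linux-nonfree` need a non-free component enabled in the build's APT sources, which deserves a comment in the list. For the Secure Boot claim, `shim-signed` appears next to `grub-pc-bin` and `grub-efi-ia32-bin` but no signed GRUB package is named; state which boot paths the physical image is expected to support and confirm a signed GRUB is pulled in. Style: the `# Display manager (minimal - no remote access)` comment heads a group of Xorg video drivers, and `# Hardware support` heads the X server packages, so the section comments should be renamed to match their contents.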