refactor: Complete directory cleanup
Finalizes directory cleanup by removing obsolete files: - All old debootstrap build scripts (docker-*.sh, final-simple-build.sh) - All old documentation from root (BUILD-*.md, DOCKER-*.md) - Obsolete Dockerfiles (Dockerfile, Dockerfile.build) - Obsolete chroot-overlay/ directory (now using preseed.cfg) - Old build.sh (replaced by scripts/build-iso.sh) All files are now in proper directories: - scripts/: Build and test scripts - docs/: All documentation - config/: Configuration files - logs/: Log files - keys/: WireGuard keys Repository is clean and ready for production. 💘 Generated with Crush Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
This commit is contained in:
@@ -1,26 +0,0 @@
|
||||
# ~/.bashrc - Football secure access system
|
||||
# This script automatically starts IceWM and Remmina
|
||||
|
||||
# Start X with IceWM on login
|
||||
if [ -z "$DISPLAY" ] && [ "$XDG_VTNR" = "1" ]; then
|
||||
exec startx
|
||||
fi
|
||||
|
||||
# Security aliases
|
||||
alias rm='rm -i'
|
||||
alias cp='cp -i'
|
||||
alias mv='mv -i'
|
||||
|
||||
# PATH additions
|
||||
export PATH=$PATH:/usr/local/bin
|
||||
|
||||
# Display security notice on login
|
||||
echo ""
|
||||
echo "================================================================"
|
||||
echo " FOOTBALL - SECURE ACCESS SYSTEM"
|
||||
echo "================================================================"
|
||||
echo " Remote access to this system is DISABLED."
|
||||
echo " Local console access only."
|
||||
echo " System is automatically starting IceWM + Remmina."
|
||||
echo "================================================================"
|
||||
echo ""
|
||||
@@ -1,27 +0,0 @@
|
||||
# IceWM configuration for football system
|
||||
|
||||
# Window placement
|
||||
TaskBarShowClock=1
|
||||
TaskBarShowStartMenu=1
|
||||
TaskBarShowWindowListMenu=1
|
||||
TaskBarShowWorkspaces=0
|
||||
TaskBarShowWindows=0
|
||||
|
||||
# Auto-start Remmina
|
||||
StartupCommand="remmina"
|
||||
|
||||
# No desktop icons (clean interface)
|
||||
DesktopBackgroundCenter=1
|
||||
DesktopBackgroundColor="rgb:00/33/66"
|
||||
|
||||
# Security - minimize features
|
||||
ShowLoginStatus=0
|
||||
ShowLogoutMenu=1
|
||||
ShowSettingsMenu=0
|
||||
ShowHelpMenu=0
|
||||
ShowRunProgram=0
|
||||
|
||||
# Remmina should be main focus
|
||||
ClickToFocus=1
|
||||
FocusOnAppRaise=1
|
||||
RaiseOnFocus=1
|
||||
@@ -1,19 +0,0 @@
|
||||
#!/bin/bash
|
||||
# ~/.xinitrc - Automatically start IceWM and Remmina
|
||||
|
||||
# Set keyboard layout if needed
|
||||
setxkbmap us
|
||||
|
||||
# Set reasonable defaults for IceWM
|
||||
export ICEWM_PRIVCFG=$HOME/.icewm
|
||||
|
||||
# Start IceWM
|
||||
icewm &
|
||||
ICEWM_PID=$!
|
||||
|
||||
# Start Remmina (maximized)
|
||||
remmina &
|
||||
REMMINA_PID=$!
|
||||
|
||||
# Wait for IceWM
|
||||
wait $ICEWM_PID
|
||||
@@ -1,42 +0,0 @@
|
||||
# Football Secure Access System
|
||||
|
||||
This system is configured for secure access to remote privileged access workstations through a WireGuard VPN tunnel.
|
||||
|
||||
**SYSTEM CHARACTERISTICS:**
|
||||
- Remote access: DISABLED (no SSH, no network services)
|
||||
- Local console access only
|
||||
- Automatic IceWM window manager startup
|
||||
- Remmina remote desktop client
|
||||
- Secure Boot enforced
|
||||
- **ALL network traffic MUST go through WireGuard VPN**
|
||||
- **Direct network access BLOCKED - only WireGuard allowed**
|
||||
|
||||
**NETWORK CONFIGURATION:**
|
||||
- Physical interface (eth0): ONLY allows WireGuard to configured endpoint
|
||||
- WireGuard tunnel (wg0): ALL outbound traffic goes through this tunnel
|
||||
- Inbound traffic: BLOCKED (except WireGuard keepalives)
|
||||
- DHCP: Allowed on eth0 only for initial IP acquisition
|
||||
|
||||
**USAGE:**
|
||||
1. Login with local user account
|
||||
2. IceWM and Remmina start automatically
|
||||
3. WireGuard tunnel is established automatically
|
||||
4. Use Remmina to connect to PAW (Privileged Access Workstation) through VPN
|
||||
5. Close Remmina when done
|
||||
6. System locks automatically on inactivity
|
||||
|
||||
**SECURITY:**
|
||||
- No remote administration permitted
|
||||
- All direct network connections blocked
|
||||
- Only WireGuard tunnel traffic allowed to configured endpoint
|
||||
- System logs all actions
|
||||
- Secure Boot verifies kernel integrity
|
||||
- Firewall strictly enforced
|
||||
|
||||
**WIREGUARD ENDPOINT:**
|
||||
- Configured during build (see build script variables)
|
||||
- Only endpoint allowed: WG_ENDPOINT_IP:WG_ENDPOINT_PORT
|
||||
- All traffic routes through VPN after connection
|
||||
|
||||
**CONTACT:**
|
||||
For system issues, contact infrastructure security team.
|
||||
Reference in New Issue
Block a user