KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: Complete directory cleanup

Browse Source 
Finalizes directory cleanup by removing obsolete files:
- All old debootstrap build scripts (docker-*.sh, final-simple-build.sh)
- All old documentation from root (BUILD-*.md, DOCKER-*.md)
- Obsolete Dockerfiles (Dockerfile, Dockerfile.build)
- Obsolete chroot-overlay/ directory (now using preseed.cfg)
- Old build.sh (replaced by scripts/build-iso.sh)

All files are now in proper directories:
- scripts/: Build and test scripts
- docs/: All documentation
- config/: Configuration files
- logs/: Log files
- keys/: WireGuard keys

Repository is clean and ready for production.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
This commit is contained in:
Charles N Wyble
2026-01-20 12:01:10 -05:00
parent 2225244ca3
commit 54d988477f
39 changed files with 3 additions and 7487 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
chroot-overlay/home/user/Desktop/README.txt
View File

@@ -1,42 +0,0 @@
# Football Secure Access System
This system is configured for secure access to remote privileged access workstations through a WireGuard VPN tunnel.
**SYSTEM CHARACTERISTICS:**
- Remote access: DISABLED (no SSH, no network services)
- Local console access only
- Automatic IceWM window manager startup
- Remmina remote desktop client
- Secure Boot enforced
- **ALL network traffic MUST go through WireGuard VPN**
- **Direct network access BLOCKED - only WireGuard allowed**
**NETWORK CONFIGURATION:**
- Physical interface (eth0): ONLY allows WireGuard to configured endpoint
- WireGuard tunnel (wg0): ALL outbound traffic goes through this tunnel
- Inbound traffic: BLOCKED (except WireGuard keepalives)
- DHCP: Allowed on eth0 only for initial IP acquisition
**USAGE:**
1. Login with local user account
2. IceWM and Remmina start automatically
3. WireGuard tunnel is established automatically
4. Use Remmina to connect to PAW (Privileged Access Workstation) through VPN
5. Close Remmina when done
6. System locks automatically on inactivity
**SECURITY:**
- No remote administration permitted
- All direct network connections blocked
- Only WireGuard tunnel traffic allowed to configured endpoint
- System logs all actions
- Secure Boot verifies kernel integrity
- Firewall strictly enforced
**WIREGUARD ENDPOINT:**
- Configured during build (see build script variables)
- Only endpoint allowed: WG_ENDPOINT_IP:WG_ENDPOINT_PORT
- All traffic routes through VPN after connection
**CONTACT:**
For system issues, contact infrastructure security team.