KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add architecture diagram and fix FR-001 links

Browse Source
This commit is contained in:
Charles N Wyble
2026-02-19 22:58:14 -05:00
parent f5bbcad08c
commit ad2d4d3e61
1 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
README.md
View File

@@ -41,7 +41,7 @@
### PRD → Code → Tests Alignment ### PRD → Code → Tests Alignment
| PRD Requirement | Code | Tests | | PRD Requirement | Code | Tests |
|-----------------|------|-------| |-----------------|------|-------|
| [FR-001: Full Disk Encryption](src/encryption-setup.sh) | [encryption-setup.sh](src/encryption-setup.sh), [encryption-validation.sh](src/encryption-validation.sh) | ✅ 10 test files | | [FR-001: Full Disk Encryption](config/hooks/installed/encryption-setup.sh) | [encryption-setup.sh](config/hooks/installed/encryption-setup.sh), [encryption-validation.sh](config/hooks/installed/encryption-validation.sh) | ✅ 10 test files |
| [FR-002: Debian Base](config/includes.installer/preseed.cfg) | [preseed.cfg](config/includes.installer/preseed.cfg), [package-lists](config/package-lists/) | ✅ config tests | | [FR-002: Debian Base](config/includes.installer/preseed.cfg) | [preseed.cfg](config/includes.installer/preseed.cfg), [package-lists](config/package-lists/) | ✅ config tests |
| [FR-003: Desktop Environment](config/hooks/live/desktop-environment.sh) | [desktop-environment.sh](config/hooks/live/desktop-environment.sh) | ✅ 5 test files | | [FR-003: Desktop Environment](config/hooks/live/desktop-environment.sh) | [desktop-environment.sh](config/hooks/live/desktop-environment.sh) | ✅ 5 test files |
| [FR-004: Network/Firewall](src/firewall-setup.sh) | [firewall-setup.sh](src/firewall-setup.sh) | ✅ 7 test files | | [FR-004: Network/Firewall](src/firewall-setup.sh) | [firewall-setup.sh](src/firewall-setup.sh) | ✅ 7 test files |
@@ -126,9 +126,39 @@ Build KNEL-Football secure ISO with Docker-only workflow following AGENTS.md req
- QR code import for WireGuard - QR code import for WireGuard
### Architecture ### Architecture
**IMPORTANT**: KNEL-Football OS serves as a **secure remote terminal** for accessing tier0 infrastructure. It does NOT directly access tier0 infrastructure.
**Access Model**: **See [docs/architecture.md](docs/architecture.md) for complete system architecture.**
```
┌─────────────────────────────────────────────────────────────────┐
│ Development Environment │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────────┐ │
│ │ Git │ │ Docker │ │ Libvirt │ │
│ │ (VCS) │ │ (Builder) │ │ (Virtualization) │ │
│ └─────────────┘ └─────────────┘ └─────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ Build Container │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ live-build │ │ debootstrap │ │ shellcheck │ │
│ │ (ISO) │ │ (Bootstrap) │ │ (Linting) │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────┐
│ Output: KNEL-Football ISO │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ IceWM │ │ WireGuard │ │ LUKS2 │ │
│ │ (Desktop) │ │ (VPN) │ │ (Encryption)│ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────────────┘
```
**Access Model**: KNEL-Football OS serves as a **secure remote terminal** for accessing tier0 infrastructure:
1. User boots KNEL-Football OS on secure laptop (FDE required) 1. User boots KNEL-Football OS on secure laptop (FDE required)
2. OS connects via WireGuard VPN to secure network 2. OS connects via WireGuard VPN to secure network
3. User uses SSH/Remmina to access privileged workstation 3. User uses SSH/Remmina to access privileged workstation