Finalizes directory cleanup by removing obsolete files:
- All old debootstrap build scripts (docker-*.sh, final-simple-build.sh)
- All old documentation from root (BUILD-*.md, DOCKER-*.md)
- Obsolete Dockerfiles (Dockerfile, Dockerfile.build)
- Obsolete chroot-overlay/ directory (now using preseed.cfg)
- Old build.sh (replaced by scripts/build-iso.sh)
All files are now in proper directories:
- scripts/: Build and test scripts
- docs/: All documentation
- config/: Configuration files
- logs/: Log files
- keys/: WireGuard keys
Repository is clean and ready for production.
💘 Generated with Crush
Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
Add complete build infrastructure for football secure access system:
- Minimal Debian base with only IceWM and Remmina
- WireGuard-only networking with strict firewall (eth0 allows only WireGuard)
- All network traffic routed through mandatory VPN tunnel
- Secure Boot enforced for physical deployments
- Zero remote access - SSH, telnet disabled and blocked
- AppArmor, auditd, and fail2ban for security hardening
Build system generates both VM (qcow2) and physical (raw) images.
WireGuard endpoint IP and port configurable via build script variables.
Includes:
- Package list with minimal dependencies
- System hardening scripts
- WireGuard client and server configuration tools
- Comprehensive documentation (README.md, QUICKSTART.md)
- systemd services for firewall enforcement
- User environment with automatic IceWM startup
💘 Generated with Crush
Assisted-by: GLM-4.7 via Crush <crush@charm.land>
