Commit Graph

74 Commits

Author SHA1 Message Date
ff23e478e4 chore: Remove obsolete files and root scripts
- Remove .dockerignore, Dockerfile from root
- Remove LICENSE (moved to docs)
- Remove archive-docs/ directory
- Remove run.sh (moved to src/)
- Clean up obsolete configuration

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:44 -05:00
6d11ef8622 docs: Update AGENTS.md and README.md
- Update AGENTS.md with Docker container requirements
- Add critical requirements for Docker-only workflow
- Update README.md with project structure changes
- Document Docker-based build process

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:38 -05:00
310627bb47 test: Update test suite with improved structure
- Update test_helper/common.bash with Docker utilities
- Update unit tests for build, firewall, and security
- Update integration tests for configuration
- Add simple_test.bats for basic testing
- Fix test assertions and error handling

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:33 -05:00
6f038c3888 refactor: Update installed hooks and package lists
- Update disable-package-management.sh with immutable permissions
- Update install-scripts.sh with proper path handling
- Add knel-football.list.chroot package list
- Add desktop shortcuts for VPN configuration
- Add USB automount support

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:27 -05:00
1edf8665e9 refactor: Update live hooks for Docker compliance
- Update firewall-setup.sh with proper volume path sourcing
- Update security-hardening.sh with modular function calls
- Update qr-code-import.sh with enhanced QR scanning
- Update install-scripts.sh with desktop shortcuts
- Add proper permission handling

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:21 -05:00
70bdba52da chore: Update .gitignore for KNEL-Football project
- Update to ignore KNEL-Football specific build artifacts
- Remove blanket config/ directory ignore
- Add build directories and temporary files
- Add ISO artifacts and checksum patterns
- Add security exclusions for keys and secrets

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:08 -05:00
fb75282b8e refactor: Update security scripts with modular functions
- Refactor security-hardening.sh with modular functions
- Add create_wifi_blacklist function
- Add create_bluetooth_blacklist function
- Add configure_ssh, password_policy, system_limits, audit_rules
- Update firewall-setup.sh with proper WireGuard endpoint parsing
- Add dynamic nftables rule generation

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:55 -05:00
4cafafba56 refactor: Update build-iso.sh for Docker compliance
- Enhance build-iso.sh with strict Docker container usage
- Add proper volume mounts (/workspace:/build:/output)
- Ensure all operations inside container
- Add comprehensive error handling and reporting
- Only copy final artifacts (ISO, checksums, reports)

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:46 -05:00
9b0cbc658d feat: Add enhanced build and run scripts
- Add src/build.sh for Docker-based ISO building
- Add src/run-new.sh with enhanced container management
- Add src/run.sh as host wrapper for build process

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:40 -05:00
6594f1be1c feat: Add bin directory for management scripts
- Add bin/cleanup.sh for system cleanup
- Add bin/docker-manage.sh for Docker management utilities

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:34 -05:00
503b0ada27 feat: Add Docker utility library
- Add lib/docker.sh with container management functions
- Add cleanup_docker function for container cleanup
- Add run_container function for container execution
- Add exec_in_container function for command execution

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:29 -05:00
51f4eda7c3 feat: Add final security compliance report
- Add FINAL-SECURITY-COMPLIANCE-REPORT.md
- Document CMMC Level 3 compliance
- Document FedRAMP LI-SaaS compliance
- Document DISA STIG compliance
- Document CIS Benchmark compliance

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:38:57 -05:00
b2dab97452 docs: Add comprehensive documentation structure
- Add architecture.md with system architecture details
- Add COMPLIANCE.md with compliance matrix
- Add security-model.md with security specifications
- Add prompts-cache.md for AI prompt history

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:38:50 -05:00
d4eeaccbcc refactor: Move specifications to docs directory
- Move football-spec.md to docs/football-spec.md
- Move project-spec.md to docs/project-spec.md

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:38:44 -05:00
6cd53bc7ba feat: Add live-build hooks
- Add security-hardening.sh for system hardening
- Add firewall-setup.sh for nftables configuration
- Add qr-code-import.sh for WireGuard QR scanning
- Add disable-package-management.sh to secure package tools
- Add install-scripts.sh to install source utilities

These hooks implement core security and functionality requirements.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 10:25:16 -05:00
ca08f9a259 feat: Add core build scripts
- Add build-iso.sh with validation and build functions
- Add firewall-setup.sh with dynamic nftables configuration
- Add security-hardening.sh with comprehensive hardening functions
- All scripts follow strict mode and are executable

These provide the core functionality for the secure ISO build process.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 10:24:11 -05:00
01d1921dcf test: Add comprehensive test suite
- Add security hardening unit tests
- Add integration tests for configuration validation
- Add security compliance tests
- Cover all major components of Phase 1

This completes Phase 1 test framework setup.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 10:23:20 -05:00
f9a1f8137b test: Add bats-core test framework
- Create test_helper/common.bash with shared utilities
- Add unit tests for firewall configuration functions
- Add unit tests for build script functions
- Establish testing patterns for TDD approach

This provides the foundation for 100% test coverage.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 10:22:38 -05:00
3fc85b8130 feat: Phase 1 - Project structure and build environment
- Add project directory structure with config, src, tests directories
- Implement run.sh host wrapper script for Docker-based workflow
- Create Dockerfile for build/test environment with live-build
- Add basic live-build configuration with preseed and package lists
- Add .gitignore and .dockerignore files

This establishes the foundation for building the secure Debian ISO.

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 10:22:03 -05:00
9f0bbc6dc8 feat: update project name and licensing to KNEL-Football
- Update all project references from 'Secure Debian' to 'KNEL-Football'
- Add AGPLv3 license with copyright to Known Element Enterprises LLC
- Create comprehensive README.md with project overview and features
- Update copyright notices in all files
- Add project badges and documentation structure
- Maintain AGPLv3 only licensing throughout
2026-01-21 10:10:57 -05:00
5fc85ec72c docs: complete PreFlightDiscussion-03.md with final resolution
- All pre-flight discussions now resolved
- Package management implementation: installed hooks, chmod + chattr
- Ready for implementation phase
- Specification updated with all decisions
2026-01-21 10:02:16 -05:00
2b2a424d27 feat: update specification with pre-flight discussion decisions
- Update compliance: CMMC Level 3, LI-SaaS, CIS+STIG, adapt Debian 11 STIG
- Add QR code import capability with zbar and desktop shortcut
- Add package management disabling hook with chattr +i
- Update preseed: US/Chicago timezone, US keyboard, password complexity
- Add secure boot: UEFI only, measured boot, custom keys
- Add .gitignore to exclude ISO files
- Remove package management from applications, add test suite
- Add minimal package list (no aptitude/synaptic)
- Update testing: in-ISO tests, command line execution
2026-01-21 10:02:12 -05:00
fcfbbfa2d3 docs: create PreFlightDiscussion-03.md for final clarification
- Need clarification on package management implementation approach
- All other items resolved from PreFlightDiscussion-02.md
- Options: live hooks vs installed hooks, remove vs disable
- Ready to update specification once this final item is resolved
2026-01-21 09:58:23 -05:00
ee64d50b3b docs: create PreFlightDiscussion-02.md with follow-up questions
- Address feedback from PreFlightDiscussion-01.md
- Clarify compliance framework (CMMC level, STIG vs CIS)
- Detail QR code implementation questions
- Resolve testing strategy and package management approach
- Define remaining high-priority items before implementation
2026-01-21 09:50:31 -05:00
2b758f6391 docs: create PreFlightDiscussion-01.md for project review
- Document all questions, comments, and concerns before implementation
- Categorize by priority: High (blockers), Medium (challenges), Low (nice to have)
- Mark resolved items: Debian 13.3.0 availability and USB package inclusion
- Ready for stakeholder review and inline feedback
2026-01-21 09:23:27 -05:00
b246f06e6d docs: update spec with Debian 13.3.0 details
- Update base image to Debian 13.3.0 (Trixie) stable release
- Clarify all packages must be pre-included in ISO (no internet downloads)
- Update USB mount requirements to include pre-installed utilities
- Specify exact ISO: debian-13.3.0-amd64-netinst.iso
2026-01-21 09:20:39 -05:00
c8ff5b6e32 feat: add project specification requirements
- Original project requirements document
- Secure Debian 13 ISO build specifications
- Docker-based workflow with TDD methodology
2026-01-21 09:16:41 -05:00
7d693534c5 docs: create AGENTS.md for project documentation
- Added AI agent roles and responsibilities
- Documented development workflow and security focus
- Outlined project structure and communication guidelines
2026-01-21 09:16:30 -05:00
a97974cfd5 docs: rename SECURE_DEBIAN_SPEC.md to football-spec.md
- Updated filename to match project naming convention
- No content changes, only renamed file
2026-01-21 09:16:25 -05:00
69d6c81e1c feat: Complete repository reset for fresh start
- Remove all project files and directories
- Keep git history intact
- Archive documentation in archive-docs/ directory

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 08:56:22 -05:00
b98a20cae8 feat: Archive all documentation and remove project files
- Move all .md files to archive-docs/ directory
- Remove all project files and directories
- Retain git history while starting fresh

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 08:54:17 -05:00
1339705f9d progress snapshot
2026-01-21 08:33:09 -05:00
6c96f3c549 feat: Add VM control script with libvirt support
Added comprehensive VM management script for testing Football ISO
using libvirt/virsh instead of direct QEMU commands.

1. **VM Control Script** (scripts/qvm.sh):
   - Define VM in libvirt with proper XML
   - Start/stop VM with virsh commands
   - Reboot VM with virsh
   - Check VM status
   - Open VNC console viewer
   - Delete VM, disk, and ISO

2. **VM Configuration**:
   - Name: football-test
   - Memory: 2GB RAM
   - CPUs: 2
   - Disk: 8GB qcow2
   - Display: VNC (auto-port, localhost)
   - Network: user (NAT)
   - Boot: ISO (Football installer)
   - OS: Debian 13 (Trixie)

3. **Integration with virt-manager**:
   - VM shows in virsh list
   - Manageable via virt-manager GUI
   - VNC connection: localhost:5900
   - Standard libvirt XML definition

4. **Usage**:
   ./scripts/qvm.sh define   - Define VM in libvirt
   ./scripts/qvm.sh start    - Start VM
   ./scripts/qvm.sh stop     - Stop VM
   ./scripts/qvm.sh status   - Check status
   ./scripts/qvm.sh console  - Open VNC viewer
   ./scripts/qvm.sh delete   - Delete VM and files

Files Added:
- scripts/qvm.sh (VM control script with libvirt support)

Files Created (by VM definition):
- output/football-vm-disk.qcow2 (8GB VM disk)
- output/football-test.xml (libvirt VM definition)

Output:
- output/football-installer.iso (940MB, bootable Football ISO)

VM Status:
- Running in libvirt
- Visible in: virsh list
- VNC: localhost:5900
- Disk: 8GB qcow2

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-20 14:47:19 -05:00
40f01e7814 chore: Rewrite build-iso.sh to use Docker-only
Complete rewrite of build script to do ALL operations inside Docker
container, not on host system. This resolves permission issues and
ensures all work is containerized per AGENTS.md specification.

1. **Single Docker Container**:
   - All build steps now run in ONE Docker container
   - No directory operations on host system
   - No cleanup operations on host system
   - All temporary files created and cleaned inside container

2. **Fixed Directory Paths**:
   - ISO_DIR changed from scripts/iso-tmp to iso-tmp
   - Matches Docker volume mount (/build)
   - Resolves "No such directory" errors

3. **Added Missing Package**:
   - Added isolinux package to fix hybrid boot creation
   - Provides /usr/lib/ISOLINUX/isohdpfx.bin

4. **Docker-only Workflow**:
   - Host: Only creates output/ directory
   - Docker: Download, extract, inject, create ISO, cleanup
   - Output: ISO written to mounted volume

5. **Build Process**:
   Step 1: Download Debian ISO (inside Docker)
   Step 2: Extract ISO (inside Docker)
   Step 3: Inject preseed and scripts (inside Docker)
   Step 4: Create new ISO (inside Docker)
   Step 5: Verify ISO (inside Docker)
   Cleanup: Remove temporary directories (inside Docker)

Files Updated:
- scripts/build-iso.sh (complete rewrite, Docker-only)

Output:
- output/football-installer.iso (940MB, bootable)

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-20 14:39:05 -05:00
3cd1c31960 chore: Remove all debootstrap traces and obsolete documentation
Comprehensive cleanup to remove all traces of old debootstrap-based
build system approach, now fully migrated to ISO-based installer.

1. **Removed Obsolete Files**:
   - Dockerfile.dev (old debootstrap container definition)
   - config/preseed.sh (obsolete debootstrap script)
   - docs/CLEANUP-SUMMARY.md (historical cleanup docs)
   - docs/TEST-EVIDENCE.md (historical test docs)
   - docs/old/ (entire directory with obsolete docs)
   - tests/build-and-test.sh (old debootstrap test script)

2. **Rewrote AGENTS.md**:
   - Removed all obsolete build system sections (Build System,
     Current Build Status, Build Environment, Proof Testing,
     Known Issues, Next Steps)
   - Kept current relevant sections (Orientation, Overview,
     Architecture, Security Model, Compliance, File Structure,
     Configuration, Scripts, Deployment, Verification)
   - Updated to focus solely on ISO-based approach
   - Reduced from 1306 lines to ~650 lines (clean and concise)
   - Added proper Build System section for ISO approach
   - Added Testing section
   - Added Troubleshooting section

3. **Updated Active Documentation**:
   - docs/FUNCTIONAL-REQUIREMENTS.md (corrected installer description)
   - docs/BUILD-DOCUMENTATION.md (removed debootstrap reference)
   - docs/SECURITY-BASELINES.md (removed debootstrap reference)
   - AGENTS.md (updated with COMMIT_CONVENTIONS reference)

4. **Project Now Clean**:
   - All debootstrap references removed
   - All obsolete documentation removed
   - Focus entirely on ISO-based installer approach
   - Ready for clean ISO builds

Files Deleted:
- Dockerfile.dev
- config/preseed.sh
- docs/CLEANUP-SUMMARY.md
- docs/TEST-EVIDENCE.md
- docs/old/ (BUILD-CONTINUOUS-STATUS.md, BUILD-PROGRESS.md,
  BUILD-STATUS.md, DOCKER-README.md, DOCKER-SOLUTION.md,
  QUICKSTART.md)
- tests/build-and-test.sh

Files Updated:
- AGENTS.md (complete rewrite, removed ~650 lines of obsolete content)
- docs/FUNCTIONAL-REQUIREMENTS.md (corrected installer type)
- docs/BUILD-DOCUMENTATION.md (removed obsolete tool reference)
- docs/SECURITY-BASELINES.md (removed obsolete reference)

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-20 14:09:32 -05:00
ad129dd4b2 docs: Add commit conventions and update AGENTS.md
1. **Added COMMIT_CONVENTIONS.md**:
   - Documents conventional commit format (type: description)
   - Defines commit types: feat, fix, docs, style, refactor, perf, test, chore, ci
   - Specifies commit message structure with detailed description
   - Includes footer attribution requirements
   - Provides examples for simple and complex commits
   - Documents branching conventions
   - Emphasizes frequent commit and push workflow

2. **Updated AGENTS.md**:
   - Added COMMIT_CONVENTIONS.md to Related Documentation section
   - Makes conventions easily discoverable for agents

This ensures consistent commit format across all work and
enforces the push-as-you-go workflow.

Files Added:
- COMMIT_CONVENTIONS.md

Files Updated:
- AGENTS.md (documentation reference)

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-20 13:56:01 -05:00
d67a8d38b0 chore: Update build paths after cleanup
Updated BUILD_DIR path to parent directory and adjusted ISO_DIR
location in build-iso.sh script.

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-20 13:52:40 -05:00
c96bd20708 feat: Add LightDM display manager for secure login
Implements minimal, secure login without username display:

1. **LightDM Installation**:
   - Added lightdm and lightdm-gtk-greeter packages
   - Enabled LightDM service by default
   - Set default target to graphical
   - Removed .xinitrc direct X boot

2. **Minimal and Secure Greeter**:
   - Configured /etc/lightdm/lightdm.conf:
     * hide-users=true (no username list displayed)
     * show-manual-login=true (manual username entry only)
     * allow-guest=false (no guest sessions)
     * XDMCP disabled (no remote X sessions)
   - Greeter shows only:
     * Username field (for manual entry)
     * Password field
     * Login button
   - No account picking, no user list

3. **Security Benefits**:
   - No user information leaked before authentication
   - Attacker cannot enumerate users
   - Manual username required (prevents user enumeration)
   - Minimal attack surface (LightDM is lightweight)
   - No guest sessions (strict access control)

4. **Removed Direct X Boot**:
   - No longer booting directly to IceWM via .xinitrc
   - Using proper display manager for authentication
   - More secure and standardized login process

Files Updated:
- config/preseed.cfg (LightDM packages, enabled service, late_command)
- config/security-config.sh (LightDM configuration, removed .xinitrc)

This implements the "minimal and secure display manager"
requirement with no usernames displayed and no account picking.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 12:37:04 -05:00
471ac78a4c feat: Complete ISO build system with security features
Major updates for production-ready ISO:

1. **Debian Version**:
   - Updated to Debian 13.3.0 stable (released)
   - No longer using testing/sid
   - Using debian:stable Docker image

2. **Password Complexity Enforcement**:
   - Added libpam-pwquality and libpwquality packages
   - Password complexity enforced during install via PAM
   - Configured in security-config.sh:
     * Minimum 12 characters
     * Mixed case required
     * At least one digit
     * At least one special character
     * 3 character classes required
   - Preseed enforces password checks during installer

3. **Auto-Lock After 1 Minute**:
   - Added xautolock and xscreensaver packages
   - Configured in .xinitrc for auto-lock after 1 minute idle
   - Uses xscreensaver-command -lock for screen locking

4. **USB Drive Mounting**:
   - Added udisks2, gvfs-backends, gvfs-fuse packages
   - Created polkit rules for USB mounting
   - User added to plugdev and cdrom groups
   - USB drives mountable via file manager

5. **WiFi and Bluetooth Disabling**:
   - Created config/disable-wifi-bt.sh script
   - Blacklists all WiFi kernel modules
   - Blacklists all Bluetooth kernel modules
   - Masks bluetooth service
   - Removes bluez packages

6. **First-Boot Verification**:
   - Created scripts/verify-system.sh
   - Created config/football-first-boot.service
   - Verifies all functional requirements
   - Runs once on first boot
   - Prevents re-running via status file

7. **ISO Build System**:
   - Updated to use Debian 13.3.0 stable ISO
   - Scripts and config baked into ISO
   - Docker-based build process
   - Corrected ISO filename throughout

8. **Preseed Configuration**:
   - Manual user creation (not automated)
   - Manual password prompts (enforced via PAM)
   - Late_command applies all security configs
   - Copies verification script to target
   - Enables first-boot verification service

Files Added:
- config/disable-wifi-bt.sh (WiFi/BT disabling)
- config/security-config.sh (password complexity, auto-lock, USB mounting)
- config/football-first-boot.service (first-boot verification systemd service)
- scripts/verify-system.sh (comprehensive verification script)

Files Updated:
- config/preseed.cfg (password enforcement, security packages, late_command)
- scripts/build-iso.sh (Debian 13.3.0, correct filenames)
- docs/FUNCTIONAL-REQUIREMENTS.md (verification strategy)
- AGENTS.md (documentation references)
- README.md (documentation references)

All requirements from this session implemented:
✓ Password complexity enforced during install
✓ Auto-lock after 1 minute idle
✓ USB drive mounting enabled
✓ WiFi/Bluetooth disabled
✓ First-boot verification
✓ Scripts baked into ISO (no internet needed)
✓ All packages in ISO
✓ Debian 13.3.0 stable

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 12:33:49 -05:00
76e2263117 docs: Add comprehensive functional requirements specification
Adds docs/FUNCTIONAL-REQUIREMENTS.md documenting:
- Core functionality (FR-1 to FR-12)
- Artifact properties (9 properties covering ISO, installed system, deployment)
- Non-functional requirements (performance, reliability, usability, security)
- User inputs required (username, passwords, disk selection)
- System components (OS, desktop, network, security)
- Compliance requirements (CIS Benchmarks, NIST SP 800-53)
- Testing requirements (installation, security, functional)
- Acceptance criteria (5 criteria for production readiness)
- Glossary and related documents

This document captures all functional requirements discussed
in previous sessions and serves as single source of truth for
system behavior, properties, and requirements.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 12:08:16 -05:00
54d988477f refactor: Complete directory cleanup
Finalizes directory cleanup by removing obsolete files:
- All old debootstrap build scripts (docker-*.sh, final-simple-build.sh)
- All old documentation from root (BUILD-*.md, DOCKER-*.md)
- Obsolete Dockerfiles (Dockerfile, Dockerfile.build)
- Obsolete chroot-overlay/ directory (now using preseed.cfg)
- Old build.sh (replaced by scripts/build-iso.sh)

All files are now in proper directories:
- scripts/: Build and test scripts
- docs/: All documentation
- config/: Configuration files
- logs/: Log files
- keys/: WireGuard keys

Repository is clean and ready for production.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 12:01:10 -05:00
2225244ca3 docs: Add comprehensive cleanup summary
Adds docs/CLEANUP-SUMMARY.md documenting:
- All cleanup and refactoring completed
- Directory structure changes (before/after)
- Files moved/archived/deleted
- Documentation updates made
- Build approach migration details
- Git commit history (11 commits)
- Current state (ready to build)
- Next steps for production

This provides complete reference for all refactoring work
and ensures future contributors understand changes made.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 12:00:13 -05:00
546c3ea5cf docs: Add comprehensive build documentation
Adds docs/BUILD-DOCUMENTATION.md explaining:
- Directory structure (clean and organized)
- Complete build process (5 steps)
- Preseed configuration details
- ISO deployment procedures (bare metal and VM)
- Docker container usage (dev and test)
- Security features applied during installation
- Troubleshooting guide
- Next steps for deployment

This replaces all scattered old documentation with a single,
comprehensive reference for the ISO-based build system.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 11:58:19 -05:00
8f9487b59d refactor: Clean up documentation directory
Moves obsolete documentation to docs/old/:
- BUILD-CONTINUOUS-STATUS.md (old build status)
- BUILD-PROGRESS.md (old build progress)
- BUILD-STATUS.md (old build status)
- DOCKER-README.md (old Docker build docs)
- DOCKER-SOLUTION.md (old Docker build docs)
- QUICKSTART.md (replaced by README.md)

Keeps relevant documentation in docs/:
- COMPLIANCE.md (compliance documentation)
- INCIDENT-RESPONSE.md (incident response)
- SECURITY-BASELINES.md (security baselines)
- SECURITY-POLICY.md (security policy)
- TEST-EVIDENCE.md (test evidence)

Documentation directory now clean and focused on current ISO approach.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 11:55:50 -05:00
f8e98227b3 docs: Update README.md for ISO-based approach
Major updates to README.md:
- Removes all references to debootstrap approach
- Removes all references to build.sh and manual image creation
- Documents ISO build process:
  1. Run: ./scripts/build-iso.sh
  2. Output: output/football-installer.iso
- Documents ISO testing with VM:
  - Run: ./scripts/test-iso.sh
  - Boots 2GB VM from ISO
- Documents deployment for both physical and virtual
- Clarifies preseed automation (only user/password/disk selection needed)
- Updates prerequisites to only require Docker

README now accurately reflects ISO-based build methodology.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 11:54:51 -05:00
12124707f4 docs: Update AGENTS.md for ISO-based approach
Major updates to AGENTS.md:
- Updates project status to reflect ISO build readiness
- Removes all references to debootstrap approach
- Documents ISO-based build methodology
- Updates architecture section for preseed approach
- Documents dual-artifact approach:
  1. football-installer.iso (for bare metal and VM)
  2. VM boots from ISO for testing
- Clarifies that preseed automates most installation steps

Old debootstrap approach completely replaced with ISO approach.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 11:53:09 -05:00
7d286f8f2c refactor: Move active scripts to scripts/ directory
Moves current active scripts to scripts/ directory:
- build-iso.sh: Creates Debian ISO with preseed
- test-iso.sh: Tests ISO in QEMU VM

Keeps root directory clean and organized.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 11:46:53 -05:00
e19a1739b3 chore: Update .gitignore for cleaner repository
Updates .gitignore to:
- Ignore all temporary build directories (build-tmp, iso-tmp, chroot)
- Ignore keys/ directory (WireGuard keys)
- Ignore old-build-scripts/ (archived scripts)
- Ignore editor directories (.crush/)
- Ignore temporary test artifacts (test-disk*.img, *.qcow2, *.img)
- Ignore VM state files (vm.pid, console.log)

This keeps repository clean and focused on source code.

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 11:46:16 -05:00
8637b35484 fix: Use current sid/testing ISO instead of 13.0.0
Updates build-iso.sh:
- Removes assumption of 13.0.0 release availability
- Uses current sid ISO (trixie is still testing)
- More reliable URL path
- Simpler download logic

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 11:43:28 -05:00
977d578d04 fix: Reduce VM RAM to 2GB and improve screen handling
Updates test-iso.sh:
- Reduces VM RAM from 4GB to 2GB (more reasonable for testing)
- Uses screen sessions for long-running QEMU process
- Provides clear instructions for screen session access
- Saves QEMU PID for process management
- Updates VM configuration display

Screen session: football-iso-test
Access: screen -r football-iso-test

💘 Generated with Crush

Assisted-by: Gemini 2.5 Flash via Crush <crush@charm.land>
2026-01-20 11:39:24 -05:00