Compare commits

14 Commits

Author SHA1 Message Date
ff23e478e4 chore: Remove obsolete files and root scripts
- Remove .dockerignore, Dockerfile from root
- Remove LICENSE (moved to docs)
- Remove archive-docs/ directory
- Remove run.sh (moved to src/)
- Clean up obsolete configuration

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:44 -05:00
6d11ef8622 docs: Update AGENTS.md and README.md
- Update AGENTS.md with Docker container requirements
- Add critical requirements for Docker-only workflow
- Update README.md with project structure changes
- Document Docker-based build process

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:38 -05:00
310627bb47 test: Update test suite with improved structure
- Update test_helper/common.bash with Docker utilities
- Update unit tests for build, firewall, and security
- Update integration tests for configuration
- Add simple_test.bats for basic testing
- Fix test assertions and error handling

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:33 -05:00
6f038c3888 refactor: Update installed hooks and package lists
- Update disable-package-management.sh with immutable permissions
- Update install-scripts.sh with proper path handling
- Add knel-football.list.chroot package list
- Add desktop shortcuts for VPN configuration
- Add USB automount support

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:27 -05:00
1edf8665e9 refactor: Update live hooks for Docker compliance
- Update firewall-setup.sh with proper volume path sourcing
- Update security-hardening.sh with modular function calls
- Update qr-code-import.sh with enhanced QR scanning
- Update install-scripts.sh with desktop shortcuts
- Add proper permission handling

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:21 -05:00
70bdba52da chore: Update .gitignore for KNEL-Football project
- Update to ignore KNEL-Football specific build artifacts
- Remove blanket config/ directory ignore
- Add build directories and temporary files
- Add ISO artifacts and checksum patterns
- Add security exclusions for keys and secrets

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:40:08 -05:00
fb75282b8e refactor: Update security scripts with modular functions
- Refactor security-hardening.sh with modular functions
- Add create_wifi_blacklist function
- Add create_bluetooth_blacklist function
- Add configure_ssh, password_policy, system_limits, audit_rules
- Update firewall-setup.sh with proper WireGuard endpoint parsing
- Add dynamic nftables rule generation

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:55 -05:00
4cafafba56 refactor: Update build-iso.sh for Docker compliance
- Enhance build-iso.sh with strict Docker container usage
- Add proper volume mounts (/workspace:/build:/output)
- Ensure all operations inside container
- Add comprehensive error handling and reporting
- Only copy final artifacts (ISO, checksums, reports)

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:46 -05:00
9b0cbc658d feat: Add enhanced build and run scripts
- Add src/build.sh for Docker-based ISO building
- Add src/run-new.sh with enhanced container management
- Add src/run.sh as host wrapper for build process

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:40 -05:00
6594f1be1c feat: Add bin directory for management scripts
- Add bin/cleanup.sh for system cleanup
- Add bin/docker-manage.sh for Docker management utilities

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:34 -05:00
503b0ada27 feat: Add Docker utility library
- Add lib/docker.sh with container management functions
- Add cleanup_docker function for container cleanup
- Add run_container function for container execution
- Add exec_in_container function for command execution

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:39:29 -05:00
51f4eda7c3 feat: Add final security compliance report
- Add FINAL-SECURITY-COMPLIANCE-REPORT.md
- Document CMMC Level 3 compliance
- Document FedRAMP LI-SaaS compliance
- Document DISA STIG compliance
- Document CIS Benchmark compliance

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:38:57 -05:00
b2dab97452 docs: Add comprehensive documentation structure
- Add architecture.md with system architecture details
- Add COMPLIANCE.md with compliance matrix
- Add security-model.md with security specifications
- Add prompts-cache.md for AI prompt history

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:38:50 -05:00
d4eeaccbcc refactor: Move specifications to docs directory
- Move football-spec.md to docs/football-spec.md
- Move project-spec.md to docs/project-spec.md

💘 Generated with Crush

Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 15:38:44 -05:00
2 changed files with 184 additions and 0 deletions

@@ -0,0 +1,84 @@
#!/bin/bash
# Configure IceWM and LightDM for privacy
set -euo pipefail
echo "Configuring desktop environment..."
# Create IceWM configuration directory
mkdir -p /etc/icewm
# Create minimal IceWM configuration
cat >/etc/icewm/preferences <<'EOF'
# IceWM Configuration for KNEL-Football
Theme="Default/default.theme"
TitleBarHeight=20
TitleBarCentered=1
ShowTaskBar=1
TaskBarShowAllWindows=1
TaskBarShowCPU=0
TaskBarShowNet=0
TaskBarShowClock=1
TaskBarClockLeds=0
WinMenuItems=256
InputFocusSloppy=1
UseMouseWheel=1
QuickSwitch=1
QuickSwitchAllWorkspaces=1
AutoReloadMenus=0
ShowPopupsWhileGrabbed=0
EOF
# Create IceWM theme
cat >/etc/icewm/theme <<'EOF'
Theme="Flat/default.theme"
TitleBarBkColor="rgb:40/40/40"
TitleBarTextColor="rgb:FF/FF/FF"
MenuBkColor="rgb:30/30/30"
MenuTextColor="rgb:FF/FF/FF"
ActiveTaskBarBkColor="rgb:50/50/50"
NormalTaskBarBkColor="rgb:40/40/40"
NormalButtonBkColor="rgb:40/40/40"
ActiveButtonBkColor="rgb:60/60/60"
NormalForeground="rgb:FF/FF/FF"
ActiveForeground="rgb:FF/FF/FF"
EOF
# Configure LightDM for privacy (hide usernames)
mkdir -p /etc/lightdm/lightdm.conf.d
cat >/etc/lightdm/lightdm.conf.d/99-privacy.conf <<'EOF'
[Seat:*]
greeter-hide-users=true
greeter-show-manual-login=true
greeter-allow-guest=false
allow-guest=false
autologin-user=
autologin-user-timeout=0
autologin-session=lightdm-xsession
EOF
# Create autostart directory for IceWM
mkdir -p /etc/skel/.config/autostart
# Remmina autostart
cat >/etc/skel/.config/autostart/remmina.desktop <<'EOF'
[Desktop Entry]
Name=Remmina
Comment=Remote Desktop Client
Exec=remmina
Terminal=false
Type=Application
Categories=Network;
EOF
# Create simple IceWM startup script
mkdir -p /etc/X11/Xsession.d
cat >/etc/X11/Xsession.d/99icewm <<'EOF'
# Start IceWM window manager
exec icewm-session
EOF
# Set IceWM as default session
update-alternatives --install /usr/bin/x-window-manager x-window-manager /usr/bin/icewm 50
echo "Desktop environment configured successfully."
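
Review bot: The `/etc/X11/Xsession.d/99icewm` fragment near the end of this file calls `exec icewm-session` unconditionally. Files in `Xsession.d` are sourced into the Xsession script, so this `exec` takes over every X session regardless of which session was selected, and it overlaps with both `autologin-session=lightdm-xsession` and the `update-alternatives` call that follows it. Suggest dropping the fragment and selecting IceWM through one mechanism only. Two smaller points: `/etc/icewm/preferences` sets `Theme="Default/default.theme"` while `/etc/icewm/theme` sets `Theme="Flat/default.theme"`, so the intended theme is ambiguous; and in `99-privacy.conf` the empty `autologin-user=` alongside `autologin-user-timeout` and `autologin-session` reads as leftover, so if autologin is meant to be off, omit all three keys and add a comment saying so.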

@@ -0,0 +1,100 @@
#!/bin/bash
# Configure USB automount support
set -euo pipefail
echo "Configuring USB automount support..."
# Create udev rules for USB devices
mkdir -p /etc/udev/rules.d
cat >/etc/udev/rules.d/99-usb-automount.rules <<'EOF'
# USB automount rules for KNEL-Football
ACTION=="add", SUBSYSTEM=="block", ENV{ID_FS_USAGE}=="filesystem", RUN+="/usr/local/bin/usb-automount.sh %k"
ACTION=="remove", SUBSYSTEM=="block", RUN+="/usr/local/bin/usb-unmount.sh %k"
EOF
# Create USB automount script
cat >/usr/local/bin/usb-automount.sh <<'EOF'
#!/bin/bash
# USB automount script
set -euo pipefail
DEVICE="/dev/${1}"
DEVICE_NAME="${1}"
MOUNT_BASE="/media/usb-${DEVICE_NAME}"
# Create mount point if it doesn't exist
mkdir -p "${MOUNT_BASE}"
# Determine filesystem type and mount with appropriate options
if blkid "${DEVICE}" | grep -q "TYPE=\"vfat\""; then
mount -t vfat -o rw,uid=1000,gid=1000,dmask=000,fmask=111 "${DEVICE}" "${MOUNT_BASE}"
elif blkid "${DEVICE}" | grep -q "TYPE=\"ntfs\""; then
mount -t ntfs-3g -o rw,uid=1000,gid=1000,dmask=000,fmask=111 "${DEVICE}" "${MOUNT_BASE}"
elif blkid "${DEVICE}" | grep -q "TYPE=\"ext4\""; then
mount -t ext4 -o rw "${DEVICE}" "${MOUNT_BASE}"
else
mount -t auto -o rw,uid=1000,gid=1000 "${DEVICE}" "${MOUNT_BASE}"
fi
echo "USB device ${DEVICE} mounted at ${MOUNT_BASE}"
EOF
# Create USB unmount script
cat >/usr/local/bin/usb-unmount.sh <<'EOF'
#!/bin/bash
# USB unmount script
set -euo pipefail
DEVICE_NAME="${1}"
MOUNT_BASE="/media/usb-${DEVICE_NAME}"
# Unmount if mounted
if mountpoint -q "${MOUNT_BASE}"; then
umount "${MOUNT_BASE}"
rmdir "${MOUNT_BASE}"
echo "USB device ${DEVICE_NAME} unmounted"
fi
EOF
# Make scripts executable
chmod +x /usr/local/bin/usb-automount.sh
chmod +x /usr/local/bin/usb-unmount.sh
# Add user to plugdev group for USB access
usermod -a -G plugdev kneluser 2>/dev/null || true
# Create PCManFM configuration for better file management
mkdir -p /etc/skel/.config/pcmanfm
cat >/etc/skel/.config/pcmanfm/default/pcmanfm.conf <<'EOF'
[config]
bm_open_method=0
su_cmd=xdg-su -c '%s'
[volume]
mount_on_startup=0
mount_removable=1
autorun=0
[ui]
always_show_tabs=0
hide_close_btn=0
win_width=640
win_height=480
[desktop]
show_wallpaper=0
wallpaper_mode=0
wallpaper_file=
wallpaper_common=1
desktop_bg=#000000
desktop_fg=#ffffff
desktop_shadow=#ffffff
desktop_font="Sans 12"
show_wm_menu=1
show_documents=1
show_trash=1
show_mounts=1
EOF
echo "USB automount support configured successfully."
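
Review bot: The last heredoc writes `/etc/skel/.config/pcmanfm/default/pcmanfm.conf`, but the `mkdir -p` just above it only creates `/etc/skel/.config/pcmanfm`, so the redirect fails and `set -euo pipefail` aborts the hook before the success message; create the `default` subdirectory instead. In the generated `usb-automount.sh`, all four `mount` branches are `rw` with no `nosuid,nodev,noexec`, and the vfat and ntfs branches use `dmask=000`, which leaves every directory on the stick world-writable. For a hardened image, add `nosuid,nodev,noexec` to each branch and tighten the masks. The `-t auto` fallback also passes `uid=1000,gid=1000`, which filesystems without those options reject, so that branch fails under `set -e`. Finally, `uid=1000,gid=1000` is hard-coded while the later `usermod` names `kneluser`, and `2>/dev/null || true` hides the case where that account does not exist; resolve the ids from the account and let a missing user fail the build.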