17dcee7e52
Add complete build infrastructure for football secure access system: - Minimal Debian base with only IceWM and Remmina - WireGuard-only networking with strict firewall (eth0 allows only WireGuard) - All network traffic routed through mandatory VPN tunnel - Secure Boot enforced for physical deployments - Zero remote access - SSH, telnet disabled and blocked - AppArmor, auditd, and fail2ban for security hardening Build system generates both VM (qcow2) and physical (raw) images. WireGuard endpoint IP and port configurable via build script variables. Includes: - Package list with minimal dependencies - System hardening scripts - WireGuard client and server configuration tools - Comprehensive documentation (README.md, QUICKSTART.md) - systemd services for firewall enforcement - User environment with automatic IceWM startup 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
27 lines
776 B
Bash
27 lines
776 B
Bash
# ~/.bashrc - Football secure access system
|
|
# This script automatically starts IceWM and Remmina
|
|
|
|
# Start X with IceWM on login
|
|
if [ -z "$DISPLAY" ] && [ "$XDG_VTNR" = "1" ]; then
|
|
exec startx
|
|
fi
|
|
|
|
# Security aliases
|
|
alias rm='rm -i'
|
|
alias cp='cp -i'
|
|
alias mv='mv -i'
|
|
|
|
# PATH additions
|
|
export PATH=$PATH:/usr/local/bin
|
|
|
|
# Display security notice on login
|
|
echo ""
|
|
echo "================================================================"
|
|
echo " FOOTBALL - SECURE ACCESS SYSTEM"
|
|
echo "================================================================"
|
|
echo " Remote access to this system is DISABLED."
|
|
echo " Local console access only."
|
|
echo " System is automatically starting IceWM + Remmina."
|
|
echo "================================================================"
|
|
echo ""
|