football/config/wg-server-config-example.conf
Charles N Wyble 17dcee7e52 feat: add minimal Debian image build system with WireGuard-only networking
Add complete build infrastructure for football secure access system:
- Minimal Debian base with only IceWM and Remmina
- WireGuard-only networking with strict firewall (eth0 allows only WireGuard)
- All network traffic routed through mandatory VPN tunnel
- Secure Boot enforced for physical deployments
- Zero remote access - SSH, telnet disabled and blocked
- AppArmor, auditd, and fail2ban for security hardening

Build system generates both VM (qcow2) and physical (raw) images.
WireGuard endpoint IP and port configurable via build script variables.

Includes:
- Package list with minimal dependencies
- System hardening scripts
- WireGuard client and server configuration tools
- Comprehensive documentation (README.md, QUICKSTART.md)
- systemd services for firewall enforcement
- User environment with automatic IceWM startup

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-13 12:11:18 -05:00


# Sample WireGuard Server Configuration
# This is the configuration for the WireGuard VPN server
# that football systems will connect to.
#
# Usage: Copy this to /etc/wireguard/wg0.conf on the VPN server
# and adjust as needed for your environment.

[Interface]
# Private key of the VPN server
# Generate with: wg genkey
PrivateKey = <SERVER_PRIVATE_KEY>

# VPN network address (this server)
Address = 10.100.0.1/24

# Port to listen on (UDP)
ListenPort = 51820
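
# DNS for VPN clients is set in each client's [Interface] section, not here:
# WireGuard does not push settings to peers, and under wg-quick a DNS line in
# this file would change the server's own resolver instead.
# DNS = 10.100.0.1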

# Enable IP forwarding on the server
# Add this to /etc/sysctl.conf: net.ipv4.ip_forward=1
# Then run: sysctl -p

# NAT configuration (POSTROUTING)
# iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# Client: football-1
# Public key generated on client with: wg pubkey < client-private.key
PublicKey = <CLIENT_1_PUBLIC_KEY>
AllowedIPs = 10.100.0.2/32

[Peer]
# Client: football-2
PublicKey = <CLIENT_2_PUBLIC_KEY>
AllowedIPs = 10.100.0.3/32

[Peer]
# Client: football-3
PublicKey = <CLIENT_3_PUBLIC_KEY>
AllowedIPs = 10.100.0.4/32

# Add more [Peer] sections as needed for additional football clients
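
The per-peer /32 AllowedIPs entries above are what tie each football client to a single tunnel address. The following checker is an added example, not part of the repository: it flags peers whose AllowedIPs is wider than one host, outside the Address subnet, overlapping an earlier peer, or sharing a public key. The function names `parse` and `lint` and the sample keys are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: peer 2 reuses peer 1's key and claims the whole subnet.
SAMPLE = """\
[Interface]
Address = 10.100.0.1/24
[Peer]
PublicKey = constructed-key-1=
AllowedIPs = 10.100.0.2/32
[Peer]
PublicKey = constructed-key-1=
AllowedIPs = 10.100.0.0/24
"""

def parse(text):
    """Return [(section, {key: value})]; [Peer] repeats, so no configparser."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1], {}))
        elif "=" in line and sections:
            key, value = (s.strip() for s in line.split("=", 1))
            sections[-1][1][key] = value
    return sections

def lint(text):
    """Return findings for a server config; an empty list means clean."""
    sections = parse(text)
    iface = next(kv for name, kv in sections if name == "Interface")
    subnet = ipaddress.ip_interface(iface["Address"]).network
    findings, keys, nets = [], set(), []
    for n, peer in enumerate((kv for s, kv in sections if s == "Peer"), 1):
        key = peer.get("PublicKey", "<")
        if key.startswith("<"):
            findings.append(f"Peer {n}: PublicKey missing or placeholder")
        elif key in keys:
            findings.append(f"Peer {n}: duplicate PublicKey")
        keys.add(key)
        for item in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.prefixlen != net.max_prefixlen:
                findings.append(f"Peer {n}: {net} is wider than one host")
            if net.version != subnet.version or not net.subnet_of(subnet):
                findings.append(f"Peer {n}: {net} is outside {subnet}")
            if any(net.overlaps(other) for other in nets):
                findings.append(f"Peer {n}: {net} overlaps an earlier peer")
            nets.append(net)
    return findings
```

Run `lint()` over the text of `/etc/wireguard/wg0.conf` before bringing the interface up; the unedited template reports every `<CLIENT_n_PUBLIC_KEY>` placeholder.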