Add complete build infrastructure for football secure access system: - Minimal Debian base with only IceWM and Remmina - WireGuard-only networking with strict firewall (eth0 allows only WireGuard) - All network traffic routed through mandatory VPN tunnel - Secure Boot enforced for physical deployments - Zero remote access - SSH, telnet disabled and blocked - AppArmor, auditd, and fail2ban for security hardening Build system generates both VM (qcow2) and physical (raw) images. WireGuard endpoint IP and port configurable via build script variables. Includes: - Package list with minimal dependencies - System hardening scripts - WireGuard client and server configuration tools - Comprehensive documentation (README.md, QUICKSTART.md) - systemd services for firewall enforcement - User environment with automatic IceWM startup 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
# WireGuard configuration for football system
# ALL TRAFFIC MUST GO THROUGH THIS TUNNEL
# Template - will be configured during build
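[Interface]
# Client-side settings, read by wg-quick. Address and DNS are wg-quick
# extensions; plain `wg setconf` does not accept them.

# Private key - MUST be set during deployment
# Stored in plaintext once filled in: keep the rendered file root-owned with
# mode 0600 (wg-quick warns when the file is world-accessible).
# The placeholder is not a valid key, so an unrendered template should fail to
# load rather than bring up a tunnel.
# NOTE(review): generate the key pair per device. A key baked into a shared
# image gives every unit the same identity - confirm how the build handles this.
PrivateKey = <PRIVATE_KEY_PLACEHOLDER>

# WireGuard interface IP (within the VPN)
# NOTE(review): fixed in the template; if more than one device is deployed,
# each presumably needs its own address - confirm against the build script.
Address = 10.100.0.2/24

# DNS via VPN
# wg-quick applies this through resolvconf. NOTE(review): confirm the minimal
# package list ships a resolvconf provider, otherwise bring-up fails.
DNS = 10.100.0.1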
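[Peer]
# VPN server: its public key and the UDP endpoint this client dials.
PublicKey = <PUBLIC_KEY_PLACEHOLDER>

# VPN server endpoint
# Keep this a literal IP. With eth0 limited to WireGuard traffic, a hostname
# could not be resolved before the tunnel is up.
Endpoint = <ENDPOINT_IP>:<ENDPOINT_PORT>

# Full tunnel: wg-quick installs IPv4 and IPv6 default routes via this peer.
# This sets routing only; it does not by itself block traffic while the tunnel
# is down - that depends on the separate firewall rules.
# NOTE(review): the [Interface] Address is IPv4-only; confirm that IPv6 is
# meant to be dropped rather than carried.
AllowedIPs = 0.0.0.0/0, ::/0

# Keep connection alive
# Seconds between keepalive packets; keeps NAT and stateful-firewall mappings
# open while the link is idle.
PersistentKeepalive = 25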