Add complete build infrastructure for football secure access system:

- Minimal Debian base with only IceWM and Remmina
- WireGuard-only networking with strict firewall (eth0 allows only WireGuard)
- All network traffic routed through mandatory VPN tunnel
- Secure Boot enforced for physical deployments
- Zero remote access - SSH, telnet disabled and blocked
- AppArmor, auditd, and fail2ban for security hardening

Build system generates both VM (qcow2) and physical (raw) images.
WireGuard endpoint IP and port configurable via build script variables.

Includes:

- Package list with minimal dependencies
- System hardening scripts
- WireGuard client and server configuration tools
- Comprehensive documentation (README.md, QUICKSTART.md)
- systemd services for firewall enforcement
- User environment with automatic IceWM startup

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
25 lines
577 B
Bash
Executable File
#!/bin/bash
# Debootstrap preseed configuration for minimal Debian installation
# Installs the debootstrap-minimal helper; must run as root to write /usr/local/sbin
set -e

# Non-interactive frontend
export DEBIAN_FRONTEND=noninteractive

# Minimal base system without recommended packages
cat << 'EOF' > /usr/local/sbin/debootstrap-minimal
#!/bin/bash
# Arguments: SUITE TARGET MIRROR
set -e

SUITE=${1:-bookworm}
# TARGET has no default: abort instead of passing an empty path to debootstrap
TARGET=${2:?TARGET directory is required}
MIRROR=${3:-http://deb.debian.org/debian}

echo "Bootstrapping minimal Debian $SUITE..."

# Quote the arguments so values containing spaces or glob characters are passed intact
debootstrap --variant=minbase --arch=amd64 "$SUITE" "$TARGET" "$MIRROR"

echo "Minimal bootstrap complete."
EOF

chmod +x /usr/local/sbin/debootstrap-minimal