17dcee7e52
Add complete build infrastructure for football secure access system: - Minimal Debian base with only IceWM and Remmina - WireGuard-only networking with strict firewall (eth0 allows only WireGuard) - All network traffic routed through mandatory VPN tunnel - Secure Boot enforced for physical deployments - Zero remote access - SSH, telnet disabled and blocked - AppArmor, auditd, and fail2ban for security hardening Build system generates both VM (qcow2) and physical (raw) images. WireGuard endpoint IP and port configurable via build script variables. Includes: - Package list with minimal dependencies - System hardening scripts - WireGuard client and server configuration tools - Comprehensive documentation (README.md, QUICKSTART.md) - systemd services for firewall enforcement - User environment with automatic IceWM startup 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
20 lines
306 B
Bash
20 lines
306 B
Bash
#!/bin/bash
|
|
# ~/.xinitrc - Automatically start IceWM and Remmina
|
|
|
|
# Set keyboard layout if needed
|
|
setxkbmap us
|
|
|
|
# Set reasonable defaults for IceWM
|
|
export ICEWM_PRIVCFG=$HOME/.icewm
|
|
|
|
# Start IceWM
|
|
icewm &
|
|
ICEWM_PID=$!
|
|
|
|
# Start Remmina (maximized)
|
|
remmina &
|
|
REMMINA_PID=$!
|
|
|
|
# Wait for IceWM
|
|
wait $ICEWM_PID
|