Add complete build infrastructure for football secure access system:

- Minimal Debian base with only IceWM and Remmina
- WireGuard-only networking with strict firewall (eth0 allows only WireGuard)
- All network traffic routed through mandatory VPN tunnel
- Secure Boot enforced for physical deployments
- Zero remote access - SSH, telnet disabled and blocked
- AppArmor, auditd, and fail2ban for security hardening

Build system generates both VM (qcow2) and physical (raw) images. WireGuard endpoint IP and port configurable via build script variables.

Includes:

- Package list with minimal dependencies
- System hardening scripts
- WireGuard client and server configuration tools
- Comprehensive documentation (README.md, QUICKSTART.md)
- systemd services for firewall enforcement
- User environment with automatic IceWM startup

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
38 lines
385 B
Plaintext
# Build output
output/
*.img
*.qcow2

# Chroot directory (created during build)
chroot/

# Mount points
mount/

# WireGuard keys (never commit these!)
client-private.key
client-public.key
server-private.key
server-public.key

# Temporary files
*.tmp
*.bak
*~

# IDE/editor files
.vscode/
.idea/
*.swp
*.swo
*~

# OS files
.DS_Store
Thumbs.db

# Build artifacts
*.deb
*.tar.gz
*.tar.xz
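The WireGuard entries in this ignore file match four exact file names, so a key saved under any other name, or pasted into a config file, is not covered. The following is an added example, not part of this repository: a content-based check that flags WireGuard-format keys in files those names do not cover. The function names, the sample key and the `configs/wg0.conf` path used to exercise it are assumptions made for illustration.

```python
import base64
import binascii
import re
import sys
from pathlib import Path, PurePosixPath

# Exact names the ignore file above lists under "WireGuard keys".
IGNORED_KEY_NAMES = {"client-private.key", "client-public.key",
                     "server-private.key", "server-public.key"}

# A WireGuard key is 32 bytes: 43 base64 characters followed by one "=".
KEY_RE = re.compile(r"(?<![A-Za-z0-9+/])[A-Za-z0-9+/]{43}=(?![A-Za-z0-9+/=])")

# Constructed sample key (bytes 0..31), not a real secret.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()


def find_key_material(text):
    """Return tokens in text that are valid base64 for exactly 32 bytes."""
    hits = []
    for token in KEY_RE.findall(text):
        try:
            raw = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(raw) == 32:
            hits.append(token)
    return hits


def unignored_key_files(files):
    """files maps path -> text; return paths holding key-like data that the
    four ignored names would not cover."""
    return sorted(
        path for path, text in files.items()
        if PurePosixPath(path).name not in IGNORED_KEY_NAMES
        and find_key_material(text)
    )


if __name__ == "__main__":
    # Usage (assumed workflow): pass candidate paths, e.g. the staged files.
    contents = {p: Path(p).read_text(errors="ignore") for p in sys.argv[1:]}
    flagged = unignored_key_files(contents)
    for path in flagged:
        print(f"key-like material in {path}")
    sys.exit(1 if flagged else 0)
```

Public and private keys share the same encoding, and so does any other base64-encoded 32-byte value such as a SHA-256 digest, so a hit needs a manual look before it is treated as a leaked secret.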