KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9eb08c9fde9b64f14b94fe268e78a2d9b5a718c
football/QUICKSTART.md
Charles N Wyble 336089a1c5 feat: upgrade to Debian 13 (trixie) 
- Update build script to use Debian 13 trixie
- Update APT sources for Debian 13
- Update documentation references to Debian 13
- Update compliance standards to include CMMC Level 3

This upgrade provides:
- Latest security patches
- Improved kernel hardening capabilities
- Enhanced package management
- Better compatibility with modern security standards

References:
- CIS Debian 13 Benchmark
- CMMC Level 3
- FedRAMP Moderate

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-13 12:32:57 -05:00

2.0 KiB
Raw Blame History

Football Build Quick Reference

Build Steps

# 1. Install dependencies (requires Debian 13 Trixie or later)
sudo apt-get install debootstrap qemu-utils kpartx squashfs-tools

# 2. Generate WireGuard keys
wg genkey | tee client-private.key | wg pubkey > client-public.key

# 3. Edit build.sh with your configuration
nano build.sh
# Set: WG_ENDPOINT_IP, WG_ENDPOINT_PORT, WG_PRIVATE_KEY, WG_PUBLIC_KEY

# 4. Build the image
./build.sh

# 5. Deploy
# For VM:
qemu-system-x86_64 -m 2048 -drive file=output/football-vm.qcow2,format=qcow2

# For physical:
sudo dd if=output/football-physical.img of=/dev/sdX bs=4M status=progress

Key Configuration Variables (in build.sh)

WG_ENDPOINT_IP="192.0.2.1"        # WireGuard server IP
WG_ENDPOINT_PORT="51820"          # WireGuard server port
WG_PRIVATE_KEY="..."              # Client private key (from wg genkey)
WG_PUBLIC_KEY="..."               # Server public key

File Locations

  • Build script: ./build.sh
  • Package list: config/packages.list
  • Hardening script: config/harden.sh
  • User config: chroot-overlay/home/user/
  • System services: chroot-overlay/etc/systemd/system/
  • WireGuard config: chroot-overlay/etc/wireguard/

Quick Troubleshooting

Issue Command
WireGuard status sudo wg show
Firewall rules sudo iptables -L -n -v
System logs sudo journalctl -xe
Network status ip addr show

Security Checklist

  • Generated unique WireGuard keys
  • Changed default password (changeme)
  • Verified WireGuard endpoint connectivity
  • Configured Remmina profile for PAW
  • Enabled Secure Boot on physical hardware
  • Tested firewall rules
  • Verified no remote access services running

File Structure

football/
├── build.sh           # Run this to build
├── config/            # Build configuration
├── chroot-overlay/    # System files to overlay
├── output/            # Generated images (created after build)
└── README.md          # Full documentation
Reference in New Issue View Git Blame Copy Permalink