KNEL/football
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9eb08c9fde9b64f14b94fe268e78a2d9b5a718c
football/config/packages.list
Charles N Wyble 17dcee7e52 feat: add minimal Debian image build system with WireGuard-only networking 
Add complete build infrastructure for football secure access system:
- Minimal Debian base with only IceWM and Remmina
- WireGuard-only networking with strict firewall (eth0 allows only WireGuard)
- All network traffic routed through mandatory VPN tunnel
- Secure Boot enforced for physical deployments
- Zero remote access - SSH, telnet disabled and blocked
- AppArmor, auditd, and fail2ban for security hardening

Build system generates both VM (qcow2) and physical (raw) images.
WireGuard endpoint IP and port configurable via build script variables.

Includes:
- Package list with minimal dependencies
- System hardening scripts
- WireGuard client and server configuration tools
- Comprehensive documentation (README.md, QUICKSTART.md)
- systemd services for firewall enforcement
- User environment with automatic IceWM startup

💘 Generated with Crush

Assisted-by: GLM-4.7 via Crush <crush@charm.land>
2026-01-13 12:11:18 -05:00

74 lines
1000 B
Plaintext
Raw Blame History

# Minimal packages for football secure access system
# Base system
linux-image-amd64
firmware-linux
firmware-linux-nonfree
grub2-common
grub-pc-bin
grub-efi-amd64-bin
grub-efi-ia32-bin
shim-signed
initramfs-tools
sudo
locales
keyboard-configuration
console-setup
# Network (client only, no server capabilities)
networkmanager
iproute2
iputils-ping
isc-dhcp-client
wireguard
wireguard-tools
iptables-persistent
# Hardware support
xserver-xorg
xserver-xorg-input-libinput
x11-xserver-utils
xterm
xinit
# Display manager (minimal - no remote access)
xserver-xorg-video-intel
xserver-xorg-video-amdgpu
xserver-xorg-video-nouveau
xserver-xorg-video-ati
# Window manager - IceWM
icewm
icewm-themes
# Remote desktop client - Remmina
remmina
remmina-plugin-rdp
remmina-plugin-vnc
# Basic utilities
vim-tiny
less
psmisc
procps
coreutils
grep
sed
gawk
tar
gzip
bzip2
xz-utils
curl
wget
# Secure boot and boot tools
efibootmgr
mokutil
efivar
# Security hardening
fail2ban
apparmor
apparmor-utils
auditd
Reference in New Issue View Git Blame Copy Permalink