├── .ansible-lint-ignore ├── .github └── workflows │ └── pinewall-build.yml ├── .gitignore ├── .gitlab-ci.yml ├── .grype-ci.yaml ├── .grype.tmpl ├── .grype.yaml ├── .pre-commit-config.yaml ├── .yamllint ├── LICENSE ├── README.md ├── filesystem └── static │ └── root │ ├── etc │ ├── chrony │ │ └── chrony.conf │ ├── conf.d │ │ ├── dropbear │ │ ├── node-exporter │ │ ├── syslog │ │ └── unbound-exporter │ ├── corerad │ │ └── config.toml │ ├── hostname │ ├── hosts │ ├── init.d │ │ ├── enforceperms │ │ └── iperf3 │ ├── inittab │ ├── kea │ │ └── kea-dhcp4.conf │ ├── modules │ ├── motd │ ├── network │ │ └── interfaces │ ├── nftables.d │ │ └── rules.nft │ ├── nftables.nft │ ├── periodic │ │ └── daily │ │ │ └── pinehole │ ├── profile.d │ │ ├── motd.sh │ │ └── timezone.sh │ ├── resolv.conf │ ├── sysctl.d │ │ └── local.conf │ ├── ulogd.conf │ └── unbound │ │ ├── adblock.list │ │ └── unbound.conf │ └── root │ ├── .config │ └── htop │ │ └── htoprc │ └── .ssh │ └── authorized_keys ├── grype-demo.gif ├── grype-demo.tape ├── justfile ├── keys ├── db-cert.pem ├── db-priv.pem ├── pk-cert.pem ├── pk-priv.key ├── tpm2-pcr-initrd-cert.pem └── tpm2-pcr-initrd-priv.pem ├── logo.png ├── logo.svg ├── postinstall └── setup.sh ├── repositories └── templates ├── terraform-base.tf.j2 └── terraform-vm.tf.j2 /.ansible-lint-ignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/.ansible-lint-ignore -------------------------------------------------------------------------------- /.github/workflows/pinewall-build.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/.github/workflows/pinewall-build.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/.gitignore -------------------------------------------------------------------------------- /.gitlab-ci.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/.gitlab-ci.yml -------------------------------------------------------------------------------- /.grype-ci.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/.grype-ci.yaml -------------------------------------------------------------------------------- /.grype.tmpl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/.grype.tmpl -------------------------------------------------------------------------------- /.grype.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/.grype.yaml -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/.yamllint -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/README.md -------------------------------------------------------------------------------- /filesystem/static/root/etc/chrony/chrony.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/chrony/chrony.conf -------------------------------------------------------------------------------- /filesystem/static/root/etc/conf.d/dropbear: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/conf.d/dropbear -------------------------------------------------------------------------------- /filesystem/static/root/etc/conf.d/node-exporter: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/conf.d/node-exporter -------------------------------------------------------------------------------- /filesystem/static/root/etc/conf.d/syslog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/conf.d/syslog -------------------------------------------------------------------------------- /filesystem/static/root/etc/conf.d/unbound-exporter: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/conf.d/unbound-exporter -------------------------------------------------------------------------------- /filesystem/static/root/etc/corerad/config.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/corerad/config.toml -------------------------------------------------------------------------------- /filesystem/static/root/etc/hostname: -------------------------------------------------------------------------------- 1 | pinewall -------------------------------------------------------------------------------- /filesystem/static/root/etc/hosts: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/hosts -------------------------------------------------------------------------------- /filesystem/static/root/etc/init.d/enforceperms: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/init.d/enforceperms -------------------------------------------------------------------------------- /filesystem/static/root/etc/init.d/iperf3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/init.d/iperf3 -------------------------------------------------------------------------------- /filesystem/static/root/etc/inittab: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/inittab -------------------------------------------------------------------------------- /filesystem/static/root/etc/kea/kea-dhcp4.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/kea/kea-dhcp4.conf -------------------------------------------------------------------------------- /filesystem/static/root/etc/modules: -------------------------------------------------------------------------------- 1 | af_packet 2 | ipv6 3 | ptp_kvm 4 | -------------------------------------------------------------------------------- /filesystem/static/root/etc/motd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/motd -------------------------------------------------------------------------------- /filesystem/static/root/etc/network/interfaces: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/network/interfaces -------------------------------------------------------------------------------- /filesystem/static/root/etc/nftables.d/rules.nft: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/nftables.d/rules.nft -------------------------------------------------------------------------------- /filesystem/static/root/etc/nftables.nft: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/nftables.nft -------------------------------------------------------------------------------- /filesystem/static/root/etc/periodic/daily/pinehole: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/periodic/daily/pinehole -------------------------------------------------------------------------------- /filesystem/static/root/etc/profile.d/motd.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/profile.d/motd.sh -------------------------------------------------------------------------------- /filesystem/static/root/etc/profile.d/timezone.sh: -------------------------------------------------------------------------------- 1 | # shellcheck disable=SC2148 2 | export TZ='UTC' 3 | -------------------------------------------------------------------------------- /filesystem/static/root/etc/resolv.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/resolv.conf -------------------------------------------------------------------------------- /filesystem/static/root/etc/sysctl.d/local.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/sysctl.d/local.conf -------------------------------------------------------------------------------- /filesystem/static/root/etc/ulogd.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/ulogd.conf -------------------------------------------------------------------------------- /filesystem/static/root/etc/unbound/adblock.list: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /filesystem/static/root/etc/unbound/unbound.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/etc/unbound/unbound.conf -------------------------------------------------------------------------------- /filesystem/static/root/root/.config/htop/htoprc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/root/.config/htop/htoprc -------------------------------------------------------------------------------- /filesystem/static/root/root/.ssh/authorized_keys: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/filesystem/static/root/root/.ssh/authorized_keys -------------------------------------------------------------------------------- /grype-demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/grype-demo.gif -------------------------------------------------------------------------------- /grype-demo.tape: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/grype-demo.tape -------------------------------------------------------------------------------- /justfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/justfile -------------------------------------------------------------------------------- /keys/db-cert.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/keys/db-cert.pem -------------------------------------------------------------------------------- /keys/db-priv.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/keys/db-priv.pem -------------------------------------------------------------------------------- /keys/pk-cert.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/keys/pk-cert.pem -------------------------------------------------------------------------------- /keys/pk-priv.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/keys/pk-priv.key -------------------------------------------------------------------------------- /keys/tpm2-pcr-initrd-cert.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/keys/tpm2-pcr-initrd-cert.pem -------------------------------------------------------------------------------- /keys/tpm2-pcr-initrd-priv.pem: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/keys/tpm2-pcr-initrd-priv.pem -------------------------------------------------------------------------------- /logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/logo.png -------------------------------------------------------------------------------- /logo.svg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/logo.svg -------------------------------------------------------------------------------- /postinstall/setup.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/postinstall/setup.sh -------------------------------------------------------------------------------- /repositories: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/repositories -------------------------------------------------------------------------------- /templates/terraform-base.tf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/templates/terraform-base.tf.j2 -------------------------------------------------------------------------------- /templates/terraform-vm.tf.j2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/alexhaydock/pinewall/HEAD/templates/terraform-vm.tf.j2 --------------------------------------------------------------------------------