blob: 567cba693f059eb4226bd716b58903662f6874d6 (plain)
post_install(){
# https://gitlab.archlinux.org/alphajack/mkinitcpio-zerotier/-/raw/master/zerotier_install?ref_type=heads
cat <<INFO
This hook provides connection to a ZeroTier One network to assist in the remote
unlocking of encrypted partitions. To complete the installation, follow these steps as root:
1. Check /etc/mkinitcpio.conf to see if you are using a systemd-based initrd. In this case install "mkinitcpio-systemd-extras",
otherwise install "mkinitcpio-netconf", and either "mkinitcpio-tinyssh" or "mkinitcpio-dropbear"
2. Configure your remote decryption setup, and check that it works properly within your LAN
4. Edit /var/lib/zerotier-one/initcpio/config.ini according to your needs;
5. Add "zerotier" to the "HOOKS" array in /etc/mkinitcpio.conf, placing it before your "tinyssh" or "dropbear" hook;
6. Add "tun" to the "MODULES" array in /etc/mkinitcpio.conf;
7. Rebuild your initial ramdisk by running 'mkinitcpio -P';
8. Reboot and try to SSH into the device from a VPN peer.
You may also need to authorize your device from https://my.zerotier.com/ the first time it connects after boot.
Be sure to have both your LAN and VPN gateway configured properly, otherwise your device may not be able
to communicate with ZeroTier One servers or be reached by other VPN peers.
It is not required to configure ZeroTier One in userspace, but you can do it to check for networking problems
not related to this hook (e.g. UPnP not working in your router).
See the Arch Linux Wiki for further reading about the remote unlocking of encrypted partitions:
https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote_unlocking_of_root_(or_other)_partition
INFO
}
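
Steps 5 and 6 of the message above can be verified before rebuilding the initramfs. The following check is an added example, not part of the original package; the function names are hypothetical, and it assumes HOOKS and MODULES are each written on a single line and only knows the "tinyssh" and "dropbear" hook names the message mentions.

```shell
#!/bin/sh
# Added example: checks steps 5 and 6 of the install message without
# sourcing (executing) the config. Assumes one-line HOOKS/MODULES arrays.

# Print the space-separated items of the last one-line NAME=(...) assignment.
conf_array() {  # $1 = array name, $2 = config file
    sed -n "s/^[[:space:]]*$1=(\(.*\)).*/\1/p" "$2" | tail -n 1 | tr -d "\"'"
}

# Print the 1-based position of word $1 among the remaining args, or 0.
word_pos() {
    want=$1; shift; i=0
    for w in "$@"; do
        i=$((i + 1))
        if [ "$w" = "$want" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# Report every problem found; return 0 only if the config passes.
check_zerotier_initcpio() {  # $1 = path to mkinitcpio.conf
    rc=0
    hooks=$(conf_array HOOKS "$1")
    modules=$(conf_array MODULES "$1")
    zt=$(word_pos zerotier $hooks)
    if [ "$(word_pos tun $modules)" -eq 0 ]; then
        echo "MODULES is missing \"tun\""; rc=1
    fi
    if [ "$zt" -eq 0 ]; then
        echo "HOOKS is missing \"zerotier\""; rc=1
    fi
    for ssh in tinyssh dropbear; do
        pos=$(word_pos "$ssh" $hooks)
        if [ "$pos" -ne 0 ] && [ "$zt" -gt "$pos" ]; then
            echo "\"zerotier\" must come before \"$ssh\" in HOOKS"; rc=1
        fi
    done
    return $rc
}

# Constructed sample config: "tun" is missing and zerotier follows tinyssh.
sample=$(mktemp)
printf '%s\n' 'MODULES=()' \
    'HOOKS=(base udev netconf tinyssh zerotier encryptssh filesystems)' > "$sample"
check_zerotier_initcpio "$sample" || true
rm -f "$sample"
```

On a real system, call `check_zerotier_initcpio /etc/mkinitcpio.conf` after editing the file and before running 'mkinitcpio -P'.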