author | Daniel Graña | 2023-12-12 22:51:10 -0300 |
---|---|---|
committer | Daniel Graña | 2023-12-12 22:51:10 -0300 |
commit | 202a3eaea410db90c5a5bb1a65c265d7c97b8144 (patch) | |
tree | 97db04e883f6e42973a879bab41311570a6b9b38 | |
parent | 8bd72993b8a43fd220bc722862f4829acbdca49f (diff) | |
download | aur-202a3eaea410db90c5a5bb1a65c265d7c97b8144.tar.gz |
More doc clarifications
-rw-r--r-- | .SRCINFO | 2 | ||||
-rw-r--r-- | PKGBUILD | 4 | ||||
-rw-r--r-- | README.md | 23 | ||||
-rw-r--r-- | tailscale_hook | 2 | ||||
-rw-r--r-- | tailscale_install | 6 |
5 files changed, 19 insertions, 18 deletions
@@ -9,7 +9,7 @@ pkgbase = mkinitcpio-tailscale source = tailscale_hook source = tailscale_install source = setup-initcpio-tailscale - sha256sums = bbee1d1f599ea3e64a17aa57704fa46a3b681bca6c9c12e2bf4751696a89eefc + sha256sums = 5c341668e502c5e54e25b24607b1eb004a78d52332c48ccdfb07003f19f6fc8d sha256sums = c1103a919a98c14f3c1492088b8cac7e711f8c99631a3859afe7eca0959911ef sha256sums = 480dec84c705dc437cb6fb1715031c1ea8e48c6b89cb0fd8c86a3af7169062f7 @@ -2,7 +2,7 @@ pkgname=mkinitcpio-tailscale pkgver=0.2 -pkgrel=2 +pkgrel=3 pkgdesc="Collection of mkinitcpio install hooks to integrate Tailscale into initramfs" arch=("any") url="https://github.com/dangra/mkinitcpio-tailscale" @@ -11,7 +11,7 @@ depends=("mkinitcpio") source=("tailscale_hook" "tailscale_install" "setup-initcpio-tailscale") -sha256sums=('bbee1d1f599ea3e64a17aa57704fa46a3b681bca6c9c12e2bf4751696a89eefc' +sha256sums=('5c341668e502c5e54e25b24607b1eb004a78d52332c48ccdfb07003f19f6fc8d' 'c1103a919a98c14f3c1492088b8cac7e711f8c99631a3859afe7eca0959911ef' '480dec84c705dc437cb6fb1715031c1ea8e48c6b89cb0fd8c86a3af7169062f7') diff --git a/README.md b/README.md index 36bc22ef7b3a..3a0bc3d679e6 100644 --- a/README.md +++ b/README.md 
@@ -11,31 +11,30 @@ how to add a ssh server to [remotely unlock it][4]. [1]: https://wiki.archlinux.org/title/Mkinitcpio [2]: https://tailscale.com [3]: https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2 -[4]: https://wiki.archlinux.org/title/Dm-crypt/Specialties#systemd_based_initramfs_(built_with_mkinitcpio) +[4]: https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote_unlocking_of_root_(or_other)_partition -Combined that with running the Tailscale service and you get an very secure VPN access from anywhere -without having to open the ssh port to the world. +Combine that with Tailscale and you get a secure VPN to access your locked server from anywhere, +without having to open a firewall hole to ssh from outside your home. ## Installation +Install [mkinitcpio-tailscale](https://aur.archlinux.org/packages/mkinitcpio-tailscale) package from AUR using your preferred helper, i.e.: + ``` yay -S mkinitcpio-tailscale ``` ## Configure -Edit /etc/mkinitcpio.conf and add `sd-tailscale` to HOOKS array, i.e: - -> HOOKS=(base **systemd** keyboard autodetect keymap modconf sd-vconsole *sd-network* *sd-resolve* *sd-tinyssh* **sd-tailscale** block sd-encrypt filesystems fsck) +Run `setup-initcpio-tailscale` and follow the instructions. It will register a tailscale node with a hostname derived from the host system, +let say the host is named `homeserver`, the tailscale node will be registered as `homeserver-initrd`; that makes it easier +to later identify the node in Tailscale panel. -**NOTE**: In above HOOKS line there are three hooks provided by mkinitcpio-systemd-extras package: `sd-network`, `sd-resolve` and `sd-tinyssh`. - Even if you can get the early boot network configuration working without them, it is much simpler this way. +Edit /etc/mkinitcpio.conf and add `tailscale` to HOOKS array. 
-*IMPORTANT*: This hook doesn't work with mkinitcpio configurations that uses `udev` hook instead of `systemd` +For systemd based initramfs, the insertion order of the `tailscale` hook doesn't matter as long as it is after `systemd` hook itself. -Once the hook is configured, run `setup-initcpio-tailscale` (as a normal user) and follow the instructions to register the node to your tailscale account. -The script will register a tailscale node with a hostname derived from the host system, let say the host is named `homeserver`, the -tailscale node will be registered as `homeserver-initrd`; that makes it easier to identify the node in Tailscale panel. +For busybox based initramfs, it is recommended to place it after any network related hook and before any blocking hook like `encrypt` or `encryptssh` ## Security Considerations diff --git a/tailscale_hook b/tailscale_hook index 8fd12c763eba..831ba55423e2 100644 --- a/tailscale_hook +++ b/tailscale_hook @@ -1,4 +1,4 @@ -#!/usr/bin/env ash +#!/usr/bin/env bash run_hook() ( echo "Starting Tailscale" diff --git a/tailscale_install b/tailscale_install index fab3c7a24f82..870f78e802f7 100644 --- a/tailscale_install +++ b/tailscale_install @@ -48,11 +48,13 @@ help() { * /etc/initcpio/tailscale/default.env to /etc/default/tailscaled - It works with both, systemd and busybox init systems; but whatever you choose remember to also add a network and ssh server hook. + It works with both, systemd and busybox init systems; whatever you choose remember to also configure network and a ssh server. For systemd inits, see 'sd-network' and 'sd-tinyssh' hooks provided by mkinitcpio-systemd-extras package. - Run /usr/bin/setup-initcpio-tailscale to initialize the configuration files at /etc/initcpio/tailscale/. + Run /usr/bin/setup-initcpio-tailscale if you haven't already to initialize the configuration files at /etc/initcpio/tailscale/. + + For more check https://github.com/dangra/mkinitcpio-tailscale __EOF_HELP__ } |
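Review bot: In the PKGBUILD `sha256sums` hunk (and the matching .SRCINFO hunk) only the first entry changes, but this commit also edits `tailscale_install`, which is the second item in `source=("tailscale_hook" "tailscale_install" "setup-initcpio-tailscale")`. The second checksum is left as it was, so if it was computed from the previous help text, makepkg's integrity check will reject the file. Regenerate the sums for all three sources (for example with `updpkgsums`) and refresh .SRCINFO from the result, so the `pkgrel=3` bump ships checksums that match what is committed.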
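Review bot: In the tailscale_hook hunk the interpreter line changes from `#!/usr/bin/env ash` to `#!/usr/bin/env bash`, while the README hunk in the same commit documents busybox based initramfs as supported. If the shebang is only there for editors and linters, a short comment saying so would prevent bash-only syntax from creeping into `run_hook()`; if it is honoured at boot, bash has to be present in the image. Either way, the commit message "More doc clarifications" does not cover this change, so it deserves its own line in the message or its own commit.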
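Review bot: In the README.md Configure hunk, the example `HOOKS=(...)` line and the note about `sd-network`, `sd-resolve` and `sd-tinyssh` are removed with nothing replacing them, so the README no longer says that a network hook and an ssh server hook are needed, nor shows where `tailscale` sits relative to `sd-encrypt` or `encrypt`. Consider keeping one example line for systemd and one for busybox. The hook name also changes from `sd-tailscale` to `tailscale` and the `udev` limitation is dropped without a word for users upgrading from the old name, and "(as a normal user)" disappears from the `setup-initcpio-tailscale` step, leaving it unclear which user should run it. The visible steps also never mention rebuilding the initramfs after editing HOOKS. Minor wording: "let say" should be "let's say", and "i.e.:" before the `yay` command should be "e.g.:".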
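Review bot: In the tailscale_install `help()` hunk, the text says the hook works with both systemd and busybox inits but then names only the systemd hooks (`sd-network`, `sd-tinyssh`). Since a user who forgets the network or ssh part ends up with a machine that cannot be unlocked remotely, name the busybox equivalents too or point to the README section that covers them. Minor wording: "a ssh server" should be "an ssh server", and "For more check" reads better as "For more information, see".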