-
Notifications
You must be signed in to change notification settings - Fork 2
/
wireguard_install
55 lines (45 loc) · 1.63 KB
/
wireguard_install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#!/bin/bash
build()
{
if [[ ! -s /etc/wireguard/initcpio/unlock ]]; then
error "Missing WireGuard initcpio hook unlock configuration file '/etc/wireguard/initcpio/unlock'! WireGuard not configured correctly!"
return 1
else
. /etc/wireguard/initcpio/unlock
if [[ ! -s $PRIVATE_KEYFILE ]]; then
error "Missing WireGuard initcpio hook private keyfile '$PRIVATE_KEYFILE'! WireGuard not configured correctly!"
return 1
fi
if [[ -n $PRESHARED_KEYFILE && ! -s $PRESHARED_KEYFILE ]]; then
error "Missing WireGuard initcpio hook preshared keyfile '$PRESHARED_KEYFILE'! WireGuard not configured correctly!"
return 1
fi
fi
add_binary wg
add_module wireguard
add_dir /etc/wireguard/initcpio
#
# The $PRIVATE_KEYFILE *MUST* exist.
#
add_file $PRIVATE_KEYFILE
#
# The PRESHARED_KEYFILE *MAY* exist.
#
if [[ -n $PRESHARED_KEYFILE ]]; then
add_file $PRESHARED_KEYFILE
fi
add_file /etc/wireguard/initcpio/unlock
add_runscript
}
help() {
cat <<HELPEOF
This hook provides basic WireGuard support to assist in the remote unlocking
of encrypted partitions via ssh. There are various parameters that are to be
configured in the "/etc/wireguard/initcpio/unlock" file. This *MUST* be done!
In addition to this hook, you will require something like tinyssh or dropbear
appropriately configured in order to gain remote access. Please refer to the
README.adoc AND the Arch Wiki for further details with regards to remote
unlocking of encrypted partitions. Thank you.
HELPEOF
}
# vim:set syntax=sh tw=78: