Add README section about /unluks script and shell option

Signed-off-by: Maximilian Wilhelm <[email protected]>
BarbarossaTM · Dec 30, 2023 · 489b51c · 489b51c
1 parent 16fba5a
commit 489b51c
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -4,6 +4,8 @@ This repository contains to scripts to set up the initian-ramdisk of any Debian-
 so that it will configure a network interface and spawn an SSH server from within the initrd,
 which will allow you to unlock any LUKS-encrypted drives/RAIDs/... remotely.
 
+## Installation
+
 The `add-unluks` script needs to installed into the `/etc/initramfs-tools/hooks/` directory,
 so it will be run when a new initrd is build for the system to set up all the necessary plumbing.
 This includes installing `sshd`, `vconfig`, `killall` into the initrd
@@ -61,4 +63,36 @@ The `unluks` script contains a configuration section on top, which contains of t
     # The safeword, which can be appened to the Kernel commmand line on boot-up to
     # disable this script and use the regular interactive means of unlocking the
     # disks. (optional)
-    safeword="red"
+    safeword="red"
+
+
+# Even more Convenience
+
+For more convenience uncomment, and most likely edit, the example script add the end `add-unluks`.
+It will create a shell script stored within `/unluks` which contains the commands necessary to unlock
+all existing LUKS volumes, `/dev/md1` - `/dev/md3` in this example, and run `pvscan` as well as `vgchange -ay`
+to find all PVs and activate all LVs in all VGs.
+
+    cat << SCRIPT > "${DESTDIR}/unluks"
+    #!/bin/sh
+
+    cryptsetup luksOpen /dev/md1 md1_crypt
+    cryptsetup luksOpen /dev/md2 md2_crypt
+    cryptsetup luksOpen /dev/md3 md3_crypt
+
+    lvm pvscan
+
+    vgchange -ay
+
+    echo "Cool thanks, booting..."
+    SCRIPT
+
+    chmod 755 "${DESTDIR}/unluks"
+
+For full convencience you can also change the root line of `/etc/passwd` within `add-unluks` to
+
+    root:x:0:0:root:/root:/unluks
+
+This will cause above script to be used as the login shell for the `root` user, meaning you will be
+directly prompted to unlock the LUKS disk(s). The drawback however is that you don't get access to
+the shell anymore, which you shouldn't be needing though if everything is as it should be.
diff --git a/add-unluks b/add-unluks
@@ -107,17 +107,17 @@ cp /lib/x86_64-linux-gnu/libnss_files* "${DESTDIR}/lib/x86_64-linux-gnu"
 
 
 ################################################################################
-#                   Write convenience unlock script to /go                     #
+#                 Write convenience unlock script to /unluks                   #
 ################################################################################
 
 # Uncomment - and most likely edit - the following lines to add a convenience
 # "shell" when you log in via SSH to unlock the disks.
 #
 # For full convencience you can also change the root line of /etc/passwd above
 # to:
-# root:x:0:0:root:/root:/bin/sh
+# root:x:0:0:root:/root:/unluks
 
-# cat << SCRIPT > "${DESTDIR}/go"
+# cat << SCRIPT > "${DESTDIR}/unluks"
 # #!/bin/sh
 #
 # cryptsetup luksOpen /dev/md1 md1_crypt
@@ -131,6 +131,6 @@ cp /lib/x86_64-linux-gnu/libnss_files* "${DESTDIR}/lib/x86_64-linux-gnu"
 # echo "Cool thanks, booting..."
 # SCRIPT
 #
-# chmod 755 "${DESTDIR}/go"
+# chmod 755 "${DESTDIR}/unluks"
 
 exit 0