sane-vpn: port to bunpen

2024-09-21 12:41:49 +00:00
parent b1763ccd02
commit 1501c99016
2 changed files with 11 additions and 12 deletions


@@ -201,10 +201,10 @@ let
pname = "sane-vpn";
srcRoot = ./src;
pkgs = [
"bunpen"
"iproute2"
"networkmanager-split.nmcli"
"sane-scripts.ip-check"
"sanebox"
"systemd"
];
};


@@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p iproute2 -p networkmanager-split.nmcli -p python3 -p sane-scripts.ip-check -p sanebox -p systemd
#!nix-shell -i python3 -p bunpen -p iproute2 -p networkmanager-split.nmcli -p python3 -p sane-scripts.ip-check -p systemd
# vim: set filetype=python :
"""
sane-vpn: tool to route all system internet traffic through some VPN, or just one application's
@@ -226,24 +226,23 @@ def get_vpn(vpn_name: str) -> VpnConfig:
def vpn_do(config: VpnConfig, cmd: list[str]) -> None:
net_flags = []
net_flags += [ "--sanebox-net-dev", config.dev ]
net_flags += [ "--bunpen-net-dev", config.dev ]
for d in config.dns:
net_flags += [ "--sanebox-dns", d ]
net_flags += [ "--bunpen-dns", d ]
if config.addr_v4:
net_flags += [ "--sanebox-net-gateway", config.addr_v4 ]
net_flags += [ "--bunpen-net-gateway", config.addr_v4 ]
wrapped_cmd = [
"sanebox",
# method: pastaonly, should be enough, but it leaves us as root in the user namespace.
# some apps don't like that -- bwrap is the fix to have uid mapping
"--sanebox-method", "bwrap",
"--sanebox-keep-namespace", "all",
"--sanebox-path", "/",
"bunpen",
"--bunpen-keep-ipc",
"--bunpen-keep-pid",
"--bunpen-try-keep-users",
"--bunpen-path", "/",
] + net_flags + cmd
logger.debug(f"exec {wrapped_cmd}")
# exec instead of subprocess so that (hopefully) the process inherits stdin/stdout.
os.execvp("sanebox", wrapped_cmd)
os.execvp("bunpen", wrapped_cmd)
def vpn_toggle(config: VpnConfig, dir_: ToggleDir) -> None:
print("old IP address ...")
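Review bot: The `wrapped_cmd` list in `vpn_do` loses the comment that justified the old `--sanebox-method bwrap` choice (uid mapping, so the app is not left as root in the user namespace), and the replacement flags carry no rationale. Judging by their names, `--bunpen-keep-ipc`, `--bunpen-keep-pid` and `--bunpen-path /` leave IPC, PIDs and the whole filesystem shared, so the wrapper appears to isolate only the network; a comment such as `# network-only wrapper: ipc/pid namespaces and / stay shared; this routes traffic via config.dev and is not a confinement boundary` would keep later readers from treating it as a sandbox. `--bunpen-try-keep-users` reads as best-effort, so the comment should also say what happens when it cannot keep the user mapping, since that looks like the root-in-namespace case the removed comment warned about. It is also worth confirming, and noting next to `net_flags`, that bunpen refuses to start the command when the net-dev, DNS or gateway setup fails rather than running it on the default route.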