sane-vpn: add a "dns-fix" subcommand to open a shell using an external DNS resolver

this is hopefully temporary, until i can cleanup my trust-dns recursive resolver

pkgs/additional/sane-scripts/default.nix

@@ -191,7 +191,7 @@ let
     vpn = static-nix-shell.mkBash {
       pname = "sane-vpn";
       srcRoot = ./src;
-      pkgs = [ "coreutils-full" "sane-scripts.ip-check" ];
+      pkgs = [ "coreutils-full" "iproute2" "jq" "sane-scripts.ip-check" ];
     };
     which = static-nix-shell.mkBash {
       pname = "sane-which";

pkgs/additional/sane-scripts/src/sane-vpn

@@ -1,5 +1,5 @@
 #!/usr/bin/env nix-shell
-#!nix-shell -i bash -p coreutils-full -p sane-scripts.ip-check
+#!nix-shell -i bash -p coreutils-full -p iproute2 -p jq -p sane-scripts.ip-check
 
 set -e
 
@@ -12,6 +12,7 @@ usageDescription() {
   echo "sane-vpn up [REGION]"
   echo "sane-vpn down [REGION]"
   echo "sane-vpn do [REGION [COMMAND ...] ]"
+  echo "sane-vpn dns-fix"
   echo "sane-vpn help"
 }
 
@@ -106,6 +107,14 @@ vpnDo() {
     "${cmd[@]}"
 }
 
+dnsFix() {
+  local dev=$(ip -j route get 255 | jq --raw-output '.[0]["dev"]')
+  debug "dev: $dev"
+  sanebox --sanebox-method bwrap --sanebox-keep-namespace all --sanebox-path / --sanebox-no-portal \
+    --sanebox-net-dev "$dev" --sanebox-dns "1.1.1.1" \
+    "$SHELL"
+}
+
 usage() {
   local rc="$1"
   local msg="$2"
@@ -142,6 +151,9 @@ parseCli() {
     (do)
       vpnDo "$@"
       ;;
+    (dns-fix)
+      dnsFix "$@"
+      ;;
     (--help|help|"")
       usage 0
       ;;