From bad6a7bfeea24c245c23948db1ea6ff88ada8f9d Mon Sep 17 00:00:00 2001
From: Colin
Date: Sun, 21 Jan 2024 01:04:31 +0000
Subject: [PATCH] programs: implement "default vpn" with native nix code instead of sane-vpn
---
 modules/programs.nix | 33 ++++++++++++++++++---------------
 modules/vpn.nix | 11 +++++++++--
 2 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/modules/programs.nix b/modules/programs.nix
index 377bef0b..81aac7ba 100644
--- a/modules/programs.nix
+++ b/modules/programs.nix
@@ -37,21 +37,24 @@ let
 if net == "clearnet" then
 package
 else if net == "vpn" then
- # TODO: update the package's `.desktop` files to ensure they exec the sandboxed app.
- pkgs.symlinkJoin {
- inherit (package) name;
- paths = [ package ];
- postBuild = ''
- for p in $(ls "$out/bin/"); do
- unlink "$out/bin/$p"
- cat <> "$out/bin/$p"
- #!/bin/sh
- exec ${pkgs.sane-scripts.vpn}/bin/sane-vpn do default "${package}/bin/$p" "\$@"
- EOF
- chmod +x "$out/bin/$p"
- done
- '';
- }
+ let
+ defaultVpn = lib.findSingle (v: v.default) null null (builtins.attrValues config.sane.vpn);
+ in
+ # TODO: update the package's `.desktop` files to ensure they exec the sandboxed app.
+ pkgs.symlinkJoin {
+ inherit (package) name;
+ paths = [ package ];
+ postBuild = ''
+ for p in $(ls "$out/bin/"); do
+ unlink "$out/bin/$p"
+ cat <> "$out/bin/$p"
+ #!/bin/sh
+ exec ${pkgs.sane-scripts.vpn}/bin/sane-vpn do ${defaultVpn.name} "${package}/bin/$p" "\$@"
+ EOF
+ chmod +x "$out/bin/$p"
+ done
+ '';
+ }
 else
 throw "unknown net type '${net}'"
 );
diff --git a/modules/vpn.nix b/modules/vpn.nix
index cdaf0575..48526acc 100644
--- a/modules/vpn.nix
+++ b/modules/vpn.nix
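Review bot: In modules/programs.nix, `defaultVpn` is bound with `lib.findSingle (v: v.default) null null …`, so it is `null` both when no VPN is defined and when more than one is marked default, and the wrapper's `${defaultVpn.name}` then fails at evaluation with a generic null-attribute error. That does fail closed (no wrapper is produced that would start the program outside the VPN), but the message does not say which condition was hit; passing `(throw "sane.vpn: no default vpn is defined")` and `(throw "sane.vpn: more than one vpn is marked default")` in place of the two `null`s would name it. The tie case looks reachable, because the `default` computation in modules/vpn.nix uses `config.id <= other.id`, which holds for every VPN sharing the lowest id. The name is also interpolated unquoted into the generated `/bin/sh` script; `${lib.escapeShellArg defaultVpn.name}` would keep an attribute name containing spaces or shell metacharacters as a single argument. The enclosing `let` block starts before this hunk.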
@@ -8,8 +8,14 @@ { config, lib, pkgs, sane-lib, ... }: let cfg = config.sane.vpn; - vpnOpts = with lib; types.submodule { + vpnOpts = with lib; types.submodule ({ name, config, ... }: { options = { + name = mkOption { + type = types.str; + description = '' + read-only value: must match the attrName of this vpn. + ''; + }; id = mkOption { type = types.ints.between 1 99; description = '' @@ -64,9 +70,10 @@ let }; config = { + inherit name; default = builtins.all (other: config.id <= other.id) (builtins.attrValues cfg); }; - }; + }); mkVpnConfig = name: { id, dns, endpoint, publicKey, addrV4, privateKeyFile, ... }: let fwmark = id + 10000; bridgeAddrV4 = "10.20.${builtins.toString id}.1/24";
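Review bot: The new `name` option in `vpnOpts` is described as a read-only value but is declared without `readOnly = true;`, so the declaration itself does not enforce that; a user-supplied `sane.vpn.<attr>.name` is presumably rejected only because two differing `types.str` definitions conflict with the `inherit name;` added to the `config` block in the later hunk. Adding `readOnly = true;` to the `mkOption` would state the intent and give a direct error message. This matters beyond tidiness because programs.nix now writes this value into the wrapper's `sane-vpn do` command line, so it selects which VPN a wrapped program runs under. The description could also say what the value is, e.g. `the attribute name of this vpn under sane.vpn; set automatically.`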