author | Maximilian Bosch <maximilian@mbosch.me> | 2019-06-13 14:05:13 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-13 14:05:13 +0200 |
commit | d1990cff8d87c00230752b355e805c3007864ae1 (patch) | |
tree | 498ee91b24a2a0d41191e4428a21dae142aaeb4a /nixos/modules | |
parent | 3674ff05ecdafc538d1453ea6defe4d043d2fb74 (diff) | |
parent | 0dfcbeb26642b3bc5733f064105297b2220bdc2b (diff) | |
Merge pull request #58036 from volth/captive-browser
nixos/programs.captive-browser: init
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/programs/captive-browser.nix | 108 |
2 files changed, 109 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 4f841ecfe0da..bb2c0a8f180f 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -91,6 +91,7 @@
 ./programs/bcc.nix
 ./programs/blcr.nix
 ./programs/browserpass.nix
+ ./programs/captive-browser.nix
 ./programs/ccache.nix
 ./programs/cdemu.nix
 ./programs/chromium.nix
diff --git a/nixos/modules/programs/captive-browser.nix b/nixos/modules/programs/captive-browser.nix
new file mode 100644
index 000000000000..9765a5fa3df7
--- /dev/null
+++ b/nixos/modules/programs/captive-browser.nix
@@ -0,0 +1,108 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.programs.captive-browser;
+in
+{
+ ###### interface
+
+ options = {
+ programs.captive-browser = {
+ enable = mkEnableOption "captive browser";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.captive-browser;
+ };
+
+ interface = mkOption {
+ type = types.str;
+ description = "your public network interface (wlp3s0, wlan0, eth0, ...)";
+ };
+
+ # the options below are the same as in "captive-browser.toml"
+ browser = mkOption {
+ type = types.str;
+ default = concatStringsSep " " [ ''${pkgs.chromium}/bin/chromium''
+ ''--user-data-dir=$HOME/.chromium-captive''
+ ''--proxy-server="socks5://$PROXY"''
+ ''--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"''
+ ''--no-first-run''
+ ''--new-window''
+ ''--incognito''
+ ''http://cache.nixos.org/''
+ ];
+ description = ''
+ the shell (/bin/sh) command executed once the proxy starts.
+ When browser exits, the proxy exits. An extra env var PROXY is available.
+
+ Here, we use a separate Chrome instance in Incognito mode, so that
+ it can run (and be waited for) alongside the default one, and that
+ it maintains no state across runs. To configure this browser open a
+ normal window in it, settings will be preserved.
+
+ @volth: chromium is to open a plain HTTP (not HTTPS nor redirect to HTTPS!) website.
+ upstream uses http://example.com but I have seen captive portals whose DNS server resolves "example.com" to 127.0.0.1
+ '';
+ };
+
+ dhcp-dns = mkOption {
+ type = types.str;
+ description = ''
+ the shell (/bin/sh) command executed to obtain the DHCP
+ DNS server address. The first match of an IPv4 regex is used.
+ IPv4 only, because let's be real, it's a captive portal.
+ '';
+ };
+
+ socks5-addr = mkOption {
+ type = types.str;
+ default = "localhost:1666";
+ description = ''the listen address for the SOCKS5 proxy server'';
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ programs.captive-browser.dhcp-dns = mkOptionDefault (
+ if config.networking.networkmanager.enable then
+ "${pkgs.networkmanager}/bin/nmcli dev show ${escapeShellArg cfg.interface} | ${pkgs.gnugrep}/bin/fgrep IP4.DNS"
+ else if config.networking.dhcpcd.enable then
+ "${pkgs.dhcpcd}/bin/dhcpcd -U ${escapeShellArg cfg.interface} | ${pkgs.gnugrep}/bin/fgrep domain_name_servers"
+ else if config.networking.useNetworkd then
+ "${cfg.package}/bin/systemd-networkd-dns ${escapeShellArg cfg.interface}"
+ else
+ "${config.security.wrapperDir}/udhcpc --quit --now -f -i ${escapeShellArg cfg.interface} -O dns --script ${
+ pkgs.writeScript "udhcp-script" ''
+ #!/bin/sh
+ if [ "$1" = bound ]; then
+ echo "$dns"
+ fi
+ ''}"
+ );
+
+ security.wrappers.udhcpc = {
+ capabilities = "cap_net_raw+p";
+ source = "${pkgs.busybox}/bin/udhcpc";
+ };
+
+ security.wrappers.captive-browser = {
+ capabilities = "cap_net_raw+p";
+ source = pkgs.writeScript "captive-browser" ''
+ #!${pkgs.bash}/bin/bash
+ export XDG_CONFIG_HOME=${pkgs.writeTextDir "captive-browser.toml" ''
+ browser = """${cfg.browser}"""
+ dhcp-dns = """${cfg.dhcp-dns}"""
+ socks5-addr = """${cfg.socks5-addr}"""
+ bind-device = """${cfg.interface}"""
+ ''}
+ exec ${cfg.package}/bin/captive-browser
+ '';
+ };
+ };
+}
 |
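Review bot: `security.wrappers.udhcpc` is installed with `cap_net_raw+p` whenever the module is enabled, although the generated `dhcp-dns` default invokes the wrapped udhcpc only in its final `else` branch; on hosts using NetworkManager, dhcpcd or networkd this leaves a raw-socket-capable wrapper in place that nothing in the module uses. Guarding the grant keeps it to the fallback case, e.g. `security.wrappers.udhcpc = mkIf (!(config.networking.networkmanager.enable || config.networking.dhcpcd.enable || config.networking.useNetworkd)) {`. The `captive-browser` wrapper carries the same capability and, per the `browser` and `dhcp-dns` option text, runs both commands through /bin/sh; whether the capability is passed on to those child processes depends on wrapper behaviour not visible in this hunk, so it should be confirmed and recorded in a comment such as `# cap_net_raw is needed only for bind-device; must not reach the browser process`. The `package` option also has no `description`, unlike the other options.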