diff --git a/.env.example b/.env.example
index b2c6925..455c618 100644
--- a/.env.example
+++ b/.env.example
@@ -1,4 +1,4 @@
-PEM_PASS=pass..
+VPN_PEM_PASS=pass..
 VPN_USER=zsolt.alfoldi@nokia.com
 VPN_USER_PASS=saaapp...
diff --git a/.gitignore b/.gitignore
index 4c49bd7..82af664 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .env
+result
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d2da0ee
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# How-to
+
+```bash
+# encrypt .env with paspaspaps password, '' should given if there is a custom char
+# like !@#$ and friends
+cat .env | openssl enc -a -A -aes-256-cbc -salt -pbkdf2 -pass pass:'paspaspaps' | tee mybin | openssl enc -aes-256-cbc -pbkdf2 -d -a -A
+# one line base64 password is in mybin file
+# last part of the command will check the encryption is OK or NOK
+```
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..91edfdb
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1761114652,
+ "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..5eeca18
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,24 @@
+{
+ description = "nokia-auto-vpn flake";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+
+ outputs = { self, nixpkgs, ... }:
+ let
+ pkgs = import nixpkgs { system = "x86_64-linux"; };
+
+ # build the package once and reuse the value
+ vpnPkg = pkgs.callPackage ./package.nix {};
+ in
+ {
+ packages.x86_64-linux = {
+ nokia-auto-vpn = vpnPkg;
+ };
+
+ # make the flake's default package point to the same derivation
+ defaultPackage.x86_64-linux = vpnPkg;
+ };
+}
+
diff --git a/nix.sh b/nix.sh
new file mode 100644
index 0000000..06f42a9
--- /dev/null
+++ b/nix.sh
@@ -0,0 +1,27 @@
+#!/bin/env bash
+set -e -u -o pipefail
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)"
+VPN=vpn0
+
+dot_env_secret=$(echo 'U2FsdGVkX1+ZpYMKJgqLZC7uedR4GhfB6/8Q+xdq0rH9v2S/pNTBBpdjlS/Fy5eNRsMGRSYf/HoZNihIYiAskKOY7mg6+t5vRUXWh73BQHuUVD2uAUc5npgP/Lmyn2wR2qWoBfTToKeu0nI5Gh7VQw==' | \
+ openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass pass:$1)
+
+export $( echo $dot_env_secret | grep "=" | grep -v "#" | xargs )
+
+expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $2
+
+sudo ip route delete 10.0.0.0/8 dev $VPN metric 50 || true
+sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
+sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true
+
+EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
+NEW="${EXISTING:+$EXISTING,}cci.nokia.net"
+
+vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
+if [[ -z $vpn_ip ]] ; then
+ exit 1
+fi
+
+sudo ip route add 10.0.0.0/8 dev $VPN metric 50
+sudo ip route add 100.0.0.0/8 dev $VPN metric 50
+sudo ip route add 135.0.0.0/8 dev $VPN metric 50
diff --git a/package.nix b/package.nix
new file mode 100644
index 0000000..df9a774
--- /dev/null
+++ b/package.nix
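Review bot: `defaultPackage.x86_64-linux = vpnPkg;` uses the legacy output name; current nix warns that `defaultPackage` is deprecated and resolves `nix build .` through `packages.<system>.default`, so the comment above it ("make the flake's default package point to the same derivation") is better honoured by adding `default = vpnPkg;` inside the `packages.x86_64-linux` set. Keep the `defaultPackage` attribute only if a pre-2.7 nix still has to consume this flake. Since `vpnPkg` is already bound once in the `let`, this is a one-attribute change.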
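Review bot: `-pass pass:$1` hands the decryption password to openssl as a command-line argument, which the process list exposes to other local users for as long as openssl runs, and the `expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $2` line does the same with the PEM passphrase, VPN password and OTP; run.sh's `expect $DIR/run.exp ...` line in this commit has the same exposure. openssl can read the password from the environment instead (`-pass env:NAME`), which also fixes the unquoted `$1`; the expect side would need vpn.exp to read `$env(...)` rather than `argv`, and vpn.exp's body is outside this diff. The `export $( ... | grep -v "#" | xargs )` line is also fragile: `grep -v "#"` discards any variable whose value contains a `#`, and xargs re-parses quotes and backslashes, so the special characters the README mentions can silently yield an empty or altered password; exporting each decrypted `K=V` line literally avoids both. Unlike run.sh there is no `: "${2:?Missing OTP}"` guard, so a missing OTP only surfaces as the generic `set -u` unbound-variable message.
```shell
dot_env_secret=$(echo '<encrypted .env blob, unchanged>' | \
  DOTENV_PASS="$1" openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass env:DOTENV_PASS)

# export each K=V line literally: no xargs re-quoting, values may contain '#' or '$'
while IFS= read -r line; do
  [[ -z $line || $line == \#* ]] && continue
  export "$line"
done <<<"$dot_env_secret"

# … unchanged: expect call, route delete/add, dns-search handling …
```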
@@ -0,0 +1,29 @@
+{ pkgs, stdenv, expect, openssl, lib, ... }:
+
+stdenv.mkDerivation rec {
+ pname = "nokia-auto-vpn";
+ version = "0.1.0";
+
+ src = ./.;
+
+ nativeBuildInputs = [ expect openssl ];
+
+ # nothing to build; we just install scripts
+ buildPhase = "true";
+
+ installPhase = ''
+ mkdir -p $out/bin
+ # install your run wrapper and expect script (adjust names if different)
+ install -m755 ${./nix.sh} $out/bin/nokia-auto-vpn
+ install -m755 ${./vpn.exp} $out/bin/vpn.exp
+
+ '';
+
+ meta = with lib; {
+ description = "Nokia vpn automation wrapper (expect + bash)";
+ # homepage = "https://github.com/alfonzso/proxy-manager"; # adjust if needed
+ license = licenses.mit; # tweak if needed
+ maintainers = with maintainers; [ alfoldi ];
+ };
+}
+
diff --git a/run.sh b/run.sh
index 224baa2..3db508a 100755
--- a/run.sh
+++ b/run.sh
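Review bot: `nativeBuildInputs = [ expect openssl ]` only puts those tools on PATH while the derivation builds; the installed `$out/bin/nokia-auto-vpn` is a plain copy of nix.sh that still resolves `expect` and `openssl` (and `nmcli`, `ip`, `sudo`) from whatever PATH the caller happens to have, so the package does not carry its own dependencies. Add `makeWrapper` to `nativeBuildInputs` and end `installPhase` with `wrapProgram $out/bin/nokia-auto-vpn --prefix PATH : ${lib.makeBinPath [ expect openssl ]}`; nmcli, ip and sudo are host tools and can reasonably stay on the host PATH. `buildPhase = "true"` is more idiomatically `dontBuild = true;`, and `src = ./.` is unused because installPhase interpolates `${./nix.sh}` and `${./vpn.exp}` directly. That interpolation also copies nix.sh, with its embedded ciphertext, into the world-readable store, so the confidentiality of the bundled `.env` rests entirely on the strength of the passphrase given as `$1`.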
@@ -1,32 +1,37 @@
 #!/bin/env bash
 set -e
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)"
+VPN=vpn0
 # example run:
 # sudonixe ./run.sh 908029
-if [[ -z "$PEM_PASS" && -f "$DIR/.env" ]]; then
+if [[ -z "$VPN_PEM_PASS" && -f "$DIR/.env" ]]; then
 export $( grep "=" $DIR/.env | grep -v "#" | xargs )
 fi
-: ${PEM_PASS:?Missing but needed}
+: ${VPN_PEM_PASS:?Missing but needed}
 : ${VPN_USER:?Missing but needed}
 : ${VPN_USER_PASS:?Missing but needed}
 : ${1:?Missing topt but needed}
-expect $DIR/run.exp $PEM_PASS $VPN_USER $VPN_USER_PASS $1
+expect $DIR/run.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $1
+
+sudo ip route delete 10.0.0.0/8 dev $VPN metric 50 || true
+sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
+sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true
-VPN=vpn0
 EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
 NEW="${EXISTING:+$EXISTING,}cci.nokia.net"
-vpn_ip="$(ip a l $VPN | awk '/inet/ {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
+vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
 if [[ -z $vpn_ip ]] ; then
 exit 1
 fi
 sudo ip route add 10.0.0.0/8 dev $VPN metric 50
 sudo ip route add 100.0.0.0/8 dev $VPN metric 50
+sudo ip route add 135.0.0.0/8 dev $VPN metric 50
 # sudo nmcli connection modify Nokia ipv4.dns-search $NEW
diff --git a/run.exp b/vpn.exp
similarity index 80%
rename from run.exp
rename to vpn.exp
index 66672e2..0ea8572 100755
--- a/run.exp
+++ b/vpn.exp
@@ -1,11 +1,11 @@
 #!/usr/bin/expect -f
 #
 # Usage:
-# vpn-auto.exp
+# vpn.exp
 #
 # Example:
-# ./vpn-auto.exp PEM_PASS VPN_USER VPN_PASS MS_AUTH_OTP
-# ./vpn-auto.exp pass1234 zsolt.alfoldi@nokia.com 1234pass 987456
+# ./vpn.exp PEM_PASS VPN_USER VPN_PASS MS_AUTH_OTP
+# ./vpn.exp pass1234 zsolt.alfoldi@nokia.com 1234pass 987456
 # never timeout
 set timeout -1
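Review bot: `expect $DIR/run.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $1` still refers to `run.exp`, but this same commit renames `run.exp` to `vpn.exp` (the rename hunk that follows), so after the commit run.sh fails on a missing expect script before any route is touched; the line should read `expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $1`, matching what nix.sh already calls. The relocated `VPN=vpn0` and the `awk '/inet /'` tightening are fine; note that `NEW` is still only consumed by the commented-out nmcli line, which predates this change.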