added nix

.env.example

@@ -1,4 +1,4 @@
-PEM_PASS=pass..
+VPN_PEM_PASS=pass..
 VPN_USER=zsolt.alfoldi@nokia.com
 VPN_USER_PASS=saaapp...
 

.gitignore

@@ -1 +1,2 @@
 .env
+result

README.md

@@ -0,0 +1,9 @@
+# How-to
+
+```bash
+# encrypt .env with paspaspaps password, '' should given if there is a custom char
+# like !@#$ and friends
+cat .env | openssl enc -a -A -aes-256-cbc -salt -pbkdf2 -pass pass:'paspaspaps' | tee mybin | openssl enc -aes-256-cbc -pbkdf2 -d -a -A
+# one line base64 password is in mybin file
+# last part of the command will check the encryption is OK or NOK
+```

flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1761114652,
+        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,24 @@
+{
+  description = "nokia-auto-vpn flake";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs, ... }:
+    let
+      pkgs = import nixpkgs { system = "x86_64-linux"; };
+
+      # build the package once and reuse the value
+      vpnPkg = pkgs.callPackage ./package.nix {};
+    in
+    {
+      packages.x86_64-linux = {
+        nokia-auto-vpn = vpnPkg;
+      };
+
+      # make the flake's default package point to the same derivation
+      defaultPackage.x86_64-linux = vpnPkg;
+    };
+}
+

nix.sh

@@ -0,0 +1,27 @@
+#!/bin/env bash
+set -e -u -o pipefail
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)"
+VPN=vpn0
+
+dot_env_secret=$(echo 'U2FsdGVkX1+ZpYMKJgqLZC7uedR4GhfB6/8Q+xdq0rH9v2S/pNTBBpdjlS/Fy5eNRsMGRSYf/HoZNihIYiAskKOY7mg6+t5vRUXWh73BQHuUVD2uAUc5npgP/Lmyn2wR2qWoBfTToKeu0nI5Gh7VQw==' | \
+  openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass pass:$1)
+
+export $( echo $dot_env_secret | grep "=" | grep -v "#" | xargs )
+
+expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $2
+
+sudo ip route delete 10.0.0.0/8  dev $VPN metric 50 || true
+sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
+sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true
+
+EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
+NEW="${EXISTING:+$EXISTING,}cci.nokia.net"
+
+vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
+if [[ -z $vpn_ip ]] ; then
+  exit 1
+fi
+
+sudo ip route add 10.0.0.0/8 dev $VPN metric 50
+sudo ip route add 100.0.0.0/8 dev $VPN metric 50
+sudo ip route add 135.0.0.0/8 dev $VPN metric 50

package.nix

@@ -0,0 +1,29 @@
+{ pkgs, stdenv, expect, openssl, lib, ... }:
+
+stdenv.mkDerivation rec {
+  pname = "nokia-auto-vpn";
+  version = "0.1.0";
+
+  src = ./.;
+
+  nativeBuildInputs = [ expect openssl ];
+
+  # nothing to build; we just install scripts
+  buildPhase = "true";
+
+  installPhase = ''
+    mkdir -p $out/bin
+    # install your run wrapper and expect script (adjust names if different)
+    install -m755 ${./nix.sh} $out/bin/nokia-auto-vpn
+    install -m755 ${./vpn.exp} $out/bin/vpn.exp
+
+  '';
+
+  meta = with lib; {
+    description = "Nokia vpn automation wrapper (expect + bash)";
+    # homepage = "https://github.com/alfonzso/proxy-manager"; # adjust if needed
+    license = licenses.mit; # tweak if needed
+    maintainers = with maintainers; [ alfoldi ];
+  };
+}
+

run.sh

@@ -1,32 +1,37 @@
 #!/bin/env bash
 set -e
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)"
+VPN=vpn0
 
 # example run:
 # sudonixe ./run.sh 908029
 
-if [[ -z "$PEM_PASS" && -f "$DIR/.env" ]]; then
+if [[ -z "$VPN_PEM_PASS" && -f "$DIR/.env" ]]; then
   export $( grep "=" $DIR/.env | grep -v "#" | xargs )
 fi
 
-: ${PEM_PASS:?Missing but needed}
+: ${VPN_PEM_PASS:?Missing but needed}
 : ${VPN_USER:?Missing but needed}
 : ${VPN_USER_PASS:?Missing but needed}
 : ${1:?Missing topt but needed}
 
-expect $DIR/run.exp $PEM_PASS $VPN_USER $VPN_USER_PASS $1
+expect $DIR/run.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $1
+
+sudo ip route delete 10.0.0.0/8  dev $VPN metric 50 || true
+sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
+sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true
 
-VPN=vpn0
 EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
 NEW="${EXISTING:+$EXISTING,}cci.nokia.net"
 
-vpn_ip="$(ip a l $VPN | awk '/inet/ {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
+vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
 if [[ -z $vpn_ip ]] ; then
   exit 1
 fi
 
 sudo ip route add 10.0.0.0/8 dev $VPN metric 50
 sudo ip route add 100.0.0.0/8 dev $VPN metric 50
+sudo ip route add 135.0.0.0/8 dev $VPN metric 50
 
 # sudo nmcli connection modify Nokia ipv4.dns-search $NEW
 

vpn.exp

@@ -1,11 +1,11 @@
 #!/usr/bin/expect -f
 #
 # Usage:
-#   vpn-auto.exp <connection-name> <vpn-user> <vpn-pass> <otp-secret>
+#   vpn.exp <connection-name> <vpn-user> <vpn-pass> <otp-secret>
 #
 # Example:
-#   ./vpn-auto.exp PEM_PASS VPN_USER VPN_PASS MS_AUTH_OTP
+#   ./vpn.exp PEM_PASS VPN_USER VPN_PASS MS_AUTH_OTP
-#   ./vpn-auto.exp pass1234 zsolt.alfoldi@nokia.com 1234pass 987456
+#   ./vpn.exp pass1234 zsolt.alfoldi@nokia.com 1234pass 987456
 
 # never timeout
 set timeout -1