added nix

2025-10-26 02:30:16 +02:00
parent 85e4396dd1
commit 2aed3ade72
9 changed files with 131 additions and 9 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,4 +1,4 @@
-PEM_PASS=pass..
+VPN_PEM_PASS=pass..
 VPN_USER=zsolt.alfoldi@nokia.com
 VPN_USER_PASS=saaapp...

--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .env
+result
--- a/README.md
+++ b/README.md
@@ -0,0 +1,9 @@
+# How-to
+
+```bash
+# encrypt .env with paspaspaps password, '' should given if there is a custom char
+# like !@#$ and friends
+cat .env | openssl enc -a -A -aes-256-cbc -salt -pbkdf2 -pass pass:'paspaspaps' | tee mybin | openssl enc -aes-256-cbc -pbkdf2 -d -a -A
+# one line base64 password is in mybin file
+# last part of the command will check the encryption is OK or NOK
+```
--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1761114652,
+        "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,24 @@
+{
+  description = "nokia-auto-vpn flake";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+  };
+
+  outputs = { self, nixpkgs, ... }:
+    let
+      pkgs = import nixpkgs { system = "x86_64-linux"; };
+
+      # build the package once and reuse the value
+      vpnPkg = pkgs.callPackage ./package.nix {};
+    in
+    {
+      packages.x86_64-linux = {
+        nokia-auto-vpn = vpnPkg;
+      };
+
+      # make the flake's default package point to the same derivation
+      defaultPackage.x86_64-linux = vpnPkg;
+    };
+}
+
--- a/nix.sh
+++ b/nix.sh
@@ -0,0 +1,27 @@
+#!/bin/env bash
+set -e -u -o pipefail
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)"
+VPN=vpn0
+
+dot_env_secret=$(echo 'U2FsdGVkX1+ZpYMKJgqLZC7uedR4GhfB6/8Q+xdq0rH9v2S/pNTBBpdjlS/Fy5eNRsMGRSYf/HoZNihIYiAskKOY7mg6+t5vRUXWh73BQHuUVD2uAUc5npgP/Lmyn2wR2qWoBfTToKeu0nI5Gh7VQw==' | \
+  openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass pass:$1)
+
+export $( echo $dot_env_secret | grep "=" | grep -v "#" | xargs )
+
+expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $2
+
+sudo ip route delete 10.0.0.0/8  dev $VPN metric 50 || true
+sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
+sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true
+
+EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
+NEW="${EXISTING:+$EXISTING,}cci.nokia.net"
+
+vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
+if [[ -z $vpn_ip ]] ; then
+  exit 1
+fi
+
+sudo ip route add 10.0.0.0/8 dev $VPN metric 50
+sudo ip route add 100.0.0.0/8 dev $VPN metric 50
+sudo ip route add 135.0.0.0/8 dev $VPN metric 50
--- a/package.nix
+++ b/package.nix
@@ -0,0 +1,29 @@
+{ pkgs, stdenv, expect, openssl, lib, ... }:
+
+stdenv.mkDerivation rec {
+  pname = "nokia-auto-vpn";
+  version = "0.1.0";
+
+  src = ./.;
+
+  nativeBuildInputs = [ expect openssl ];
+
+  # nothing to build; we just install scripts
+  buildPhase = "true";
+
+  installPhase = ''
+    mkdir -p $out/bin
+    # install your run wrapper and expect script (adjust names if different)
+    install -m755 ${./nix.sh} $out/bin/nokia-auto-vpn
+    install -m755 ${./vpn.exp} $out/bin/vpn.exp
+
+  '';
+
+  meta = with lib; {
+    description = "Nokia vpn automation wrapper (expect + bash)";
+    # homepage = "https://github.com/alfonzso/proxy-manager"; # adjust if needed
+    license = licenses.mit; # tweak if needed
+    maintainers = with maintainers; [ alfoldi ];
+  };
+}
+
--- a/run.sh
+++ b/run.sh
@@ -1,32 +1,37 @@
 #!/bin/env bash
 set -e
 DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)"
+VPN=vpn0

 # example run:
 # sudonixe ./run.sh 908029

-if [[ -z "$PEM_PASS" && -f "$DIR/.env" ]]; then
+if [[ -z "$VPN_PEM_PASS" && -f "$DIR/.env" ]]; then
  export $( grep "=" $DIR/.env | grep -v "#" | xargs )
 fi

-: ${PEM_PASS:?Missing but needed}
+: ${VPN_PEM_PASS:?Missing but needed}
 : ${VPN_USER:?Missing but needed}
 : ${VPN_USER_PASS:?Missing but needed}
 : ${1:?Missing topt but needed}

-expect $DIR/run.exp $PEM_PASS $VPN_USER $VPN_USER_PASS $1
+expect $DIR/run.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $1
+
+sudo ip route delete 10.0.0.0/8  dev $VPN metric 50 || true
+sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
+sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true

-VPN=vpn0
 EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
 NEW="${EXISTING:+$EXISTING,}cci.nokia.net"

-vpn_ip="$(ip a l $VPN | awk '/inet/ {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
+vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
 if [[ -z $vpn_ip ]] ; then
  exit 1
 fi

 sudo ip route add 10.0.0.0/8 dev $VPN metric 50
 sudo ip route add 100.0.0.0/8 dev $VPN metric 50
+sudo ip route add 135.0.0.0/8 dev $VPN metric 50

 # sudo nmcli connection modify Nokia ipv4.dns-search $NEW

--- a/vpn.exp
+++ b/vpn.exp
@@ -1,11 +1,11 @@
 #!/usr/bin/expect -f
 #
 # Usage:
-#   vpn-auto.exp <connection-name> <vpn-user> <vpn-pass> <otp-secret>
+#   vpn.exp <connection-name> <vpn-user> <vpn-pass> <otp-secret>
 #
 # Example:
-#   ./vpn-auto.exp PEM_PASS VPN_USER VPN_PASS MS_AUTH_OTP
-#   ./vpn-auto.exp pass1234 zsolt.alfoldi@nokia.com 1234pass 987456
+#   ./vpn.exp PEM_PASS VPN_USER VPN_PASS MS_AUTH_OTP
+#   ./vpn.exp pass1234 zsolt.alfoldi@nokia.com 1234pass 987456

 # never timeout
 set timeout -1