VPN failsafe working

2022-04-09 19:04:11 -04:00 · 2022-04-09 19:04:11 -04:00 · e8ebcfc2be
commit e8ebcfc2be
parent 11600ef4d7
2 changed files with 14 additions and 24 deletions
--- a/common/pia.nix
+++ b/common/pia.nix
@ -2,6 +2,16 @@

 let
  cfg = config.pia;
+  vpnfailsafe = pkgs.stdenv.mkDerivation {
+    pname = "vpnfailsafe";
+    version = "0.0.1";
+    src = ./.;
+    installPhase = ''
+      mkdir -p $out
+      cp vpnfailsafe.sh $out/vpnfailsafe.sh
+      sed -i 's|getent|${pkgs.getent}/bin/getent|' $out/vpnfailsafe.sh
+    '';
+  };
 in
 {
  options.pia = {
@ -11,7 +21,7 @@ in
  config = lib.mkIf cfg.enable {
    services.openvpn = {
      servers = {
-        us-east = {
+        pia = {
          config = ''
 client
 dev tun
@ -88,8 +98,8 @@ disable-occ
 auth-user-pass /run/agenix/pia-login.conf
          '';
          autoStart = true;
-          # up = "${./vpnfailsafe.sh}";
-          # down = "${./vpnfailsafe.sh}";
+          up = "${vpnfailsafe}/vpnfailsafe.sh";
+          down = "${vpnfailsafe}/vpnfailsafe.sh";
        };
      };
    };
--- a/common/vpnfailsafe.sh
+++ b/common/vpnfailsafe.sh
@ -81,26 +81,6 @@ update_routes() {
    fi
 }

-# $@ := "up" | "down"
-update_resolv() {
-    case "$@" in
-        up) local domains="" ns=""
-            for opt in ${!foreign_option_*}; do
-                case "${!opt}" in
-                    dhcp-option\ DOMAIN*) domains+=" ${!opt##* }";;
-                    dhcp-option\ DNS\ *) ns+=" ${!opt##* }";;
-                    *) ;;
-                esac
-            done
-            if [[ -n "$ns" ]]; then
-                echo -e "${domains/ /search }\\n${ns// /$'\n'nameserver }"|resolvconf -xa "$dev"
-            else
-                echo "$0: WARNING: no DNS was pushed by the VPN server, this could cause a DNS leak" >&2
-            fi;;
-        down) resolvconf -fd "$dev" 2>/dev/null || true;;
-    esac
-}
-
 # $@ := ""
 update_firewall() {
    # $@ := "INPUT" | "OUTPUT" | "FORWARD"
@ -198,7 +178,7 @@ trap 'err_msg "$LINENO" "$?"' ERR
 # $@ := ""
 main() {
    case "${script_type:-down}" in
-        up) for f in hosts routes resolv firewall; do "update_$f" up; done;;
+        up) for f in hosts routes firewall; do "update_$f" up; done;;
        down) update_routes down
              update_resolv down;;
    esac