From e8ebcfc2be9349587ee23b8894ac9f4244aa9705 Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Sat, 9 Apr 2022 19:04:11 -0400
Subject: [PATCH] VPN failsafe working
---
 common/pia.nix | 16 +++++++++++++---
 common/vpnfailsafe.sh | 22 +---------------------
 2 files changed, 14 insertions(+), 24 deletions(-)
diff --git a/common/pia.nix b/common/pia.nix
index b074f41..fa63477 100644
--- a/common/pia.nix
+++ b/common/pia.nix
@@ -2,6 +2,16 @@
 let
 cfg = config.pia;
+ vpnfailsafe = pkgs.stdenv.mkDerivation {
+ pname = "vpnfailsafe";
+ version = "0.0.1";
+ src = ./.;
+ installPhase = ''
+ mkdir -p $out
+ cp vpnfailsafe.sh $out/vpnfailsafe.sh
+ sed -i 's|getent|${pkgs.getent}/bin/getent|' $out/vpnfailsafe.sh
+ '';
+ };
 in
 {
 options.pia = {
@@ -11,7 +21,7 @@ in
 config = lib.mkIf cfg.enable {
 services.openvpn = {
 servers = {
- us-east = {
+ pia = {
 config = ''
 client
 dev tun
@@ -88,8 +98,8 @@ disable-occ
 auth-user-pass /run/agenix/pia-login.conf
 '';
 autoStart = true;
- # up = "${./vpnfailsafe.sh}";
- # down = "${./vpnfailsafe.sh}";
+ up = "${vpnfailsafe}/vpnfailsafe.sh";
+ down = "${vpnfailsafe}/vpnfailsafe.sh";
 };
 };
 };
diff --git a/common/vpnfailsafe.sh b/common/vpnfailsafe.sh
index ec1f432..e929c3c 100755
--- a/common/vpnfailsafe.sh
+++ b/common/vpnfailsafe.sh
@@ -81,26 +81,6 @@ update_routes() {
 fi
 }
-# $@ := "up" | "down"
-update_resolv() {
- case "$@" in
- up) local domains="" ns=""
- for opt in ${!foreign_option_*}; do
- case "${!opt}" in
- dhcp-option\ DOMAIN*) domains+=" ${!opt##* }";;
- dhcp-option\ DNS\ *) ns+=" ${!opt##* }";;
- *) ;;
- esac
- done
- if [[ -n "$ns" ]]; then
- echo -e "${domains/ /search }\\n${ns// /$'\n'nameserver }"|resolvconf -xa "$dev"
- else
- echo "$0: WARNING: no DNS was pushed by the VPN server, this could cause a DNS leak" >&2
- fi;;
- down) resolvconf -fd "$dev" 2>/dev/null || true;;
- esac
-}
-
 # $@ := ""
 update_firewall() {
 # $@ := "INPUT" | "OUTPUT" | "FORWARD" 
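Review bot: `src = ./.;` in the new `vpnfailsafe` derivation (first hunk of common/pia.nix) copies the whole `common/` directory into the Nix store, which is world-readable, and rebuilds the derivation whenever any file there changes, although only vpnfailsafe.sh is used. Narrowing it to `src = ./vpnfailsafe.sh;` with `dontUnpack = true;`, and copying from `$src` in `installPhase`, keeps unrelated files out of the store path. The `sed` expression `s|getent|…|` is also unanchored and has no `g` flag, so it rewrites the first "getent" on each line even inside a comment or a longer word and would miss a second call on the same line. The script body is not part of this diff, so that should be checked against the actual occurrences.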
@@ -198,7 +178,7 @@ trap 'err_msg "$LINENO" "$?"' ERR
 # $@ := ""
 main() {
 case "${script_type:-down}" in
- up) for f in hosts routes resolv firewall; do "update_$f" up; done;;
+ up) for f in hosts routes firewall; do "update_$f" up; done;;
 down) update_routes down
 update_resolv down;;
 esac
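Review bot: The `down)` branch of `main` still calls `update_resolv down`, but the earlier hunk in common/vpnfailsafe.sh deletes `update_resolv` entirely, so on tunnel teardown that call names an undefined command. With the `trap 'err_msg "$LINENO" "$?"' ERR` visible in the hunk header, the failure lands in the error handler (what `err_msg` does is not shown here), so the down path may abort or report an error on every disconnect. Drop the call so the branch reads `down) update_routes down;;`. Separately, with the resolver update removed, DNS servers pushed by the VPN are no longer applied, so it is worth confirming that the firewall rules still keep lookups from reaching a resolver outside the tunnel. The rest of `main` lies outside the hunk.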