{ config, lib, pkgs, ... }:
let
cfg = config.programs.captive-browser;

inherit (lib)
  concatStringsSep escapeShellArgs literalExpression mkEnableOption mkIf
  mkOption mkOptionDefault mkPackageOption optionalString types;

# True when the launcher must be installed through a cap_net_raw wrapper:
# only with `bindInterface` on and a kernel older than 5.7 (presumably
# because binding the proxy to a device needed CAP_NET_RAW before then —
# verify).  On newer kernels no wrapper is created at all.
requiresSetcapWrapper = cfg.bindInterface && config.boot.kernelPackages.kernelOlder "5.7";
# Build the default `browser` command line for the given chromium package.
#
# The result is a /bin/sh command string (see the `browser` option): a
# throw-away Chromium instance that only talks to the SOCKS5 proxy that
# captive-browser hands it in $PROXY.
browserDefault = chromium:
  let
    # The launcher script replaces XDG_CONFIG_HOME with the directory holding
    # captive-browser.toml and keeps the caller's value in PREV_CONFIG_HOME;
    # give the original back to Chromium so it reads the user's own config.
    launcher = [
      ''env XDG_CONFIG_HOME="$PREV_CONFIG_HOME"''
      ''${chromium}/bin/chromium''
    ];
    # A dedicated profile directory keeps the portal session apart from the
    # user's main profile, so both can run at the same time.
    profile = [
      ''--user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive''
    ];
    # All traffic goes through the SOCKS5 proxy.  The resolver rule maps every
    # host (except localhost) to NOTFOUND locally, so name lookups are never
    # answered by the system resolver; per Chromium's proxy documentation this
    # is the idiom for keeping DNS inside the proxy tunnel.
    proxying = [
      ''--proxy-server="socks5://$PROXY"''
      ''--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"''
    ];
    # No onboarding prompts, a fresh window, and incognito so nothing the
    # portal page does is persisted across runs.
    session = [
      ''--no-first-run''
      ''--new-window''
      ''--incognito''
      ''-no-default-browser-check''
    ];
    # Deliberately plain HTTP: a portal can only intercept a cleartext
    # request (see the `browser` option description for why not example.com).
    target = [ ''http://cache.nixos.org/'' ];
  in
  builtins.concatStringsSep " " (launcher ++ profile ++ proxying ++ session ++ target);
# Desktop-environment launcher entry.  `Exec` is the bare program name, so it
# is resolved through PATH at run time: the captive-browser-configured script
# from environment.systemPackages, or the setcap wrapper of the same name on
# kernels where one is installed (the wrapper directory normally comes first
# in PATH — confirm for this system).
desktopItem = pkgs.makeDesktopItem {
  exec = "captive-browser";
  name = "captive-browser";
  desktopName = "Captive Portal Browser";
  categories = [ "Network" ];
  icon = "nix-snowflake";
};
# The `captive-browser` command users actually run.
#
# captive-browser evidently looks for captive-browser.toml under
# $XDG_CONFIG_HOME: the script points that variable at a store directory
# generated from the module options and execs the real binary.  The caller's
# original XDG_CONFIG_HOME is kept in PREV_CONFIG_HOME so the `browser`
# command (see browserDefault) can hand it back to Chromium.
#
# Security notes:
#  * The generated TOML lives in the world-readable Nix store.  It holds only
#    the option values below (commands, interface name, listen address), so
#    never put secrets into those options.
#  * Option values are spliced into TOML basic (triple-quoted) strings as-is.
#    They come from the system configuration, not from untrusted input, but a
#    value containing `"""` would break the file, and if the parser honours
#    TOML escapes in basic strings a backslash would be interpreted rather
#    than passed through — keep that in mind when overriding `browser` or
#    `dhcp-dns`.
#  * When requiresSetcapWrapper holds, this whole script runs under the
#    cap_net_raw wrapper, so the browser and dhcp-dns commands it spawns may
#    inherit that capability — NOTE(review): confirm captive-browser drops it
#    before exec'ing the browser.
captive-browser-configured = pkgs.writeShellScriptBin "captive-browser" ''
  export PREV_CONFIG_HOME="$XDG_CONFIG_HOME"
  export XDG_CONFIG_HOME=${pkgs.writeTextDir "captive-browser.toml" ''
    browser = """${cfg.browser}"""
    dhcp-dns = """${cfg.dhcp-dns}"""
    socks5-addr = """${cfg.socks5-addr}"""
    ${optionalString cfg.bindInterface ''
      bind-device = """${cfg.interface}"""
    ''}
  ''}
  exec ${cfg.package}/bin/captive-browser
'';
in
{
###### interface
options = {
  programs.captive-browser = {
    enable = mkEnableOption (lib.mdDoc "captive browser");

    package = mkPackageOption pkgs "captive-browser" { };

    # Read only when `bindInterface` is true: it becomes `bind-device` in the
    # generated captive-browser.toml and the interface argument of the default
    # `dhcp-dns` command.  With bindInterface = false nothing evaluates it.
    interface = mkOption {
      type = types.str;
      description = lib.mdDoc "your public network interface (wlp3s0, wlan0, eth0, ...)";
    };

    # the options below are the same as in "captive-browser.toml"
    #
    # NOTE(review): `browser` and `dhcp-dns` are run verbatim by /bin/sh and
    # all four values are spliced into the TOML file unescaped, so they must
    # only come from the trusted system configuration — never from anything a
    # user or the network controls.
    browser = mkOption {
      type = types.str;
      default = browserDefault pkgs.chromium;
      # Same command with the store path left symbolic, for the manual.
      defaultText = literalExpression (browserDefault "\${pkgs.chromium}");
      description = lib.mdDoc ''
        The shell (/bin/sh) command executed once the proxy starts.
        When browser exits, the proxy exits. An extra env var PROXY is available.

        Here, we use a separate Chrome instance in Incognito mode, so that
        it can run (and be waited for) alongside the default one, and that
        it maintains no state across runs. To configure this browser open a
        normal window in it, settings will be preserved.

        @volth: chromium is to open a plain HTTP (not HTTPS nor redirect to HTTPS!) website.
                upstream uses http://example.com but I have seen captive portals whose DNS server resolves "example.com" to 127.0.0.1
      '';
    };

    # Whatever this prints is scanned for the first IPv4 address, which is
    # the DHCP-supplied resolver captive-browser uses for the portal session.
    # The default is chosen in `config` below from the host's DHCP client.
    dhcp-dns = mkOption {
      type = types.str;
      description = lib.mdDoc ''
        The shell (/bin/sh) command executed to obtain the DHCP
        DNS server address. The first match of an IPv4 regex is used.
        IPv4 only, because let's be real, it's a captive portal.
      '';
    };

    # Where the SOCKS5 proxy listens; the browser reaches it as $PROXY.  The
    # default stays on loopback, and the default browser command passes no
    # credentials, so presumably any local process can use the proxy while it
    # is up — binding a non-loopback address would expose an open proxy to
    # the portal-side network.
    socks5-addr = mkOption {
      type = types.str;
      default = "localhost:1666";
      description = lib.mdDoc "the listen address for the SOCKS5 proxy server";
    };

    # Besides avoiding subnet collisions, binding is what makes the
    # cap_net_raw wrapper necessary on kernels before 5.7 (see
    # requiresSetcapWrapper).  When off, the default `dhcp-dns` command runs
    # without an interface argument and the DHCP client picks one itself.
    bindInterface = mkOption {
      default = true;
      type = types.bool;
      description = lib.mdDoc ''
        Binds `captive-browser` to the network interface declared in
        `cfg.interface`. This can be used to avoid collisions
        with private subnets.
      '';
    };
  };
};
###### implementation
config = mkIf cfg.enable {
# Make the launcher script and a desktop entry available system-wide.  Only
# the .desktop file of `desktopItem` is installed, copied read-only into the
# applications directory.
environment.systemPackages =
  let
    desktopEntry = pkgs.runCommand "captive-browser-desktop-item" { } ''
      install -Dm444 -t $out/share/applications ${desktopItem}/share/applications/*.desktop
    '';
  in
  [ desktopEntry captive-browser-configured ];
# Default for `dhcp-dns`, picked from the host's network stack.  It is set
# with mkOptionDefault, so any explicit value for the option wins.
# captive-browser runs the string through /bin/sh and keeps the first IPv4
# address it prints (see the option description).
programs.captive-browser.dhcp-dns =
  let
    # Interface arguments for the chosen client, shell-quoted with
    # escapeShellArgs.  Empty when bindInterface is off, in which case each
    # client falls back to its own interface selection (busybox udhcpc
    # defaults to eth0 when -i is omitted — verify against the busybox in
    # use; nmcli/dhcpcd then report every device, so the first IPv4 match
    # may belong to a different interface).
    iface = prefixes:
      optionalString cfg.bindInterface (escapeShellArgs (prefixes ++ [ cfg.interface ]));
  in
  mkOptionDefault (
    if config.networking.networkmanager.enable then
      # NetworkManager: keep the IP4.DNS lines of the device report.
      "${pkgs.networkmanager}/bin/nmcli dev show ${iface []} | ${pkgs.gnugrep}/bin/fgrep IP4.DNS"
    else if config.networking.dhcpcd.enable then
      # dhcpcd: dump the lease (-U) and keep the DNS option line.
      "${pkgs.dhcpcd}/bin/dhcpcd ${iface ["-U"]} | ${pkgs.gnugrep}/bin/fgrep domain_name_servers"
    else if config.networking.useNetworkd then
      # systemd-networkd: helper shipped with the captive-browser package.
      "${cfg.package}/bin/systemd-networkd-dns ${iface []}"
    else
      # No known DHCP client: do a one-off DHCP exchange with busybox udhcpc
      # through the cap_net_raw wrapper declared below (DHCP needs raw
      # sockets), in the foreground (-f), quitting once a lease arrives
      # (--quit) or right away if none does (--now), requesting only the dns
      # option (-O dns).  --script replaces udhcpc's default script with one
      # that merely echoes the offered servers on "bound", so this run does
      # not reconfigure the interface or disturb the lease held by whatever
      # client is already running — worth confirming for the busybox in use.
      "${config.security.wrapperDir}/udhcpc --quit --now -f ${iface ["-i"]} -O dns --script ${
        pkgs.writeShellScript "udhcp-script" ''
          if [ "$1" = bound ]; then
            echo "$dns"
          fi
        ''}"
  );
# Capability wrapper used by the udhcpc branch of the default `dhcp-dns`
# command: DHCP needs raw sockets, hence cap_net_raw.
#
# NOTE(review): wrappers are reachable by every local user, and this one is
# declared unconditionally — it is installed even when dhcp-dns ends up using
# NetworkManager, dhcpcd or networkd.  The wrapper passes udhcpc's own
# arguments through, so any user can run it with an arbitrary -i and an
# arbitrary --script; as I read the NixOS wrapper, the capability is handed
# on as an ambient capability and therefore reaches that script as well.
# Consider guarding this with mkIf on the udhcpc branch, or restricting it
# with the wrapper's owner/group/permissions attributes.
security.wrappers.udhcpc = {
  source = "${pkgs.busybox}/bin/udhcpc";
  capabilities = "cap_net_raw+p";
  owner = "root";
  group = "root";
};
# On kernels older than 5.7 with bindInterface on, the launcher itself is
# wrapped with cap_net_raw so captive-browser can bind its proxy to the
# interface (presumably SO_BINDTODEVICE needed CAP_NET_RAW before 5.7 —
# verify).  The wrapped source is the whole configured launcher script, so
# the capability applies to everything it execs; see the notes on
# captive-browser-configured.
security.wrappers.captive-browser = mkIf requiresSetcapWrapper {
  source = "${captive-browser-configured}/bin/captive-browser";
  capabilities = "cap_net_raw+p";
  owner = "root";
  group = "root";
};
};
}