nixpkgs/nixos/modules/programs/captive-browser.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

153 lines
5.1 KiB
Nix
Raw Normal View History

2019-03-21 13:23:12 +01:00
{ config, lib, pkgs, ... }:
let
cfg = config.programs.captive-browser;
2022-03-08 04:56:13 +01:00
inherit (lib)
concatStringsSep escapeShellArgs optionalString
literalExpression mkEnableOption mkPackageOption mkIf mkOption
mkOptionDefault types;
2022-03-08 04:56:13 +01:00
requiresSetcapWrapper = config.boot.kernelPackages.kernelOlder "5.7" && cfg.bindInterface;
browserDefault = chromium: concatStringsSep " " [
''env XDG_CONFIG_HOME="$PREV_CONFIG_HOME"''
''${chromium}/bin/chromium''
''--user-data-dir=''${XDG_DATA_HOME:-$HOME/.local/share}/chromium-captive''
''--proxy-server="socks5://$PROXY"''
''--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"''
''--no-first-run''
''--new-window''
''--incognito''
''-no-default-browser-check''
''http://cache.nixos.org/''
];
2022-03-08 04:56:13 +01:00
desktopItem = pkgs.makeDesktopItem {
name = "captive-browser";
desktopName = "Captive Portal Browser";
exec = "captive-browser";
2022-03-08 04:56:13 +01:00
icon = "nix-snowflake";
categories = [ "Network" ];
};
captive-browser-configured = pkgs.writeShellScriptBin "captive-browser" ''
export PREV_CONFIG_HOME="$XDG_CONFIG_HOME"
export XDG_CONFIG_HOME=${pkgs.writeTextDir "captive-browser.toml" ''
browser = """${cfg.browser}"""
dhcp-dns = """${cfg.dhcp-dns}"""
socks5-addr = """${cfg.socks5-addr}"""
${optionalString cfg.bindInterface ''
bind-device = """${cfg.interface}"""
''}
''}
exec ${cfg.package}/bin/captive-browser
'';
2019-03-21 13:23:12 +01:00
in
{
###### interface
options = {
programs.captive-browser = {
enable = mkEnableOption (lib.mdDoc "captive browser");
package = mkPackageOption pkgs "captive-browser" { };
2019-03-21 13:23:12 +01:00
interface = mkOption {
type = types.str;
description = lib.mdDoc "your public network interface (wlp3s0, wlan0, eth0, ...)";
};
# the options below are the same as in "captive-browser.toml"
browser = mkOption {
type = types.str;
default = browserDefault pkgs.chromium;
defaultText = literalExpression (browserDefault "\${pkgs.chromium}");
2019-03-21 13:23:12 +01:00
description = lib.mdDoc ''
The shell (/bin/sh) command executed once the proxy starts.
2019-03-21 13:23:12 +01:00
When browser exits, the proxy exits. An extra env var PROXY is available.
Here, we use a separate Chrome instance in Incognito mode, so that
it can run (and be waited for) alongside the default one, and that
it maintains no state across runs. To configure this browser open a
normal window in it, settings will be preserved.
@volth: chromium is to open a plain HTTP (not HTTPS nor redirect to HTTPS!) website.
upstream uses http://example.com but I have seen captive portals whose DNS server resolves "example.com" to 127.0.0.1
'';
};
dhcp-dns = mkOption {
type = types.str;
description = lib.mdDoc ''
The shell (/bin/sh) command executed to obtain the DHCP
2019-03-21 13:23:12 +01:00
DNS server address. The first match of an IPv4 regex is used.
IPv4 only, because let's be real, it's a captive portal.
'';
};
socks5-addr = mkOption {
type = types.str;
default = "localhost:1666";
description = lib.mdDoc "the listen address for the SOCKS5 proxy server";
2019-03-21 13:23:12 +01:00
};
bindInterface = mkOption {
default = true;
type = types.bool;
description = lib.mdDoc ''
Binds `captive-browser` to the network interface declared in
`cfg.interface`. This can be used to avoid collisions
with private subnets.
'';
};
2019-03-21 13:23:12 +01:00
};
};
###### implementation
config = mkIf cfg.enable {
2022-03-08 04:56:13 +01:00
environment.systemPackages = [
(pkgs.runCommand "captive-browser-desktop-item" { } ''
2022-03-08 04:56:13 +01:00
install -Dm444 -t $out/share/applications ${desktopItem}/share/applications/*.desktop
'')
captive-browser-configured
2022-03-08 04:56:13 +01:00
];
2019-03-21 13:23:12 +01:00
programs.captive-browser.dhcp-dns =
let
iface = prefixes:
optionalString cfg.bindInterface (escapeShellArgs (prefixes ++ [ cfg.interface ]));
in
mkOptionDefault (
if config.networking.networkmanager.enable then
"${pkgs.networkmanager}/bin/nmcli dev show ${iface []} | ${pkgs.gnugrep}/bin/fgrep IP4.DNS"
else if config.networking.dhcpcd.enable then
"${pkgs.dhcpcd}/bin/dhcpcd ${iface ["-U"]} | ${pkgs.gnugrep}/bin/fgrep domain_name_servers"
else if config.networking.useNetworkd then
"${cfg.package}/bin/systemd-networkd-dns ${iface []}"
else
"${config.security.wrapperDir}/udhcpc --quit --now -f ${iface ["-i"]} -O dns --script ${
pkgs.writeShellScript "udhcp-script" ''
if [ "$1" = bound ]; then
echo "$dns"
fi
''}"
);
2019-03-21 13:23:12 +01:00
security.wrappers.udhcpc = {
owner = "root";
group = "root";
capabilities = "cap_net_raw+p";
source = "${pkgs.busybox}/bin/udhcpc";
2019-03-21 13:23:12 +01:00
};
security.wrappers.captive-browser = mkIf requiresSetcapWrapper {
owner = "root";
group = "root";
capabilities = "cap_net_raw+p";
source = "${captive-browser-configured}/bin/captive-browser";
2019-03-21 13:23:12 +01:00
};
};
}