Add WireGuard support to VPN manager, use nm-applet for auth

nm-applet replaces the foot terminal workaround for VPN authentication, providing a proper NetworkManager secret agent. moonarch-vpn now handles both VPN and WireGuard connection types. Waybar indicator switched from tun0 interface check to nmcli active connection query with signal-based instant refresh.
2026-03-30 19:14:10 +02:00
parent d1874dca6b
commit a86b95dd58
4 changed files with 75 additions and 65 deletions
@@ -1,100 +1,102 @@
 #!/usr/bin/env bash
 # ABOUTME: Walker-dmenu VPN connection manager using NetworkManager (nmcli).
-# ABOUTME: Lists VPN connections and toggles them on/off.
+# ABOUTME: Lists VPN/WireGuard connections and toggles them on/off with notifications.

-# Copyright (C) 2021  Damien Cassou
+# Based on rofi-vpn by Damien Cassou <damien@cassou.me>
+# https://gitlab.com/DamienCassou/rofi-vpn
+# Licensed under GPL-3.0-or-later

-# Author: Damien Cassou <damien@cassou.me>
-# Url: https://gitlab.com/DamienCassou/rofi-vpn
-# Version: 0.2.0
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <https://www.gnu.org/licenses/>.
-
-# Commentary:
-
-# This program uses rofi and nmcli to let the user enable/disable VPN
-# connections.
-
-# Code:
-
-# What to show in front of an active VPN connection:
+# Prefixes for active/inactive VPN connections (Nerd Font icons):
 ACTIVE_PREFIX="󰌘  "
-
-# What to show in front of an inactive VPN connection:
 INACTIVE_PREFIX="󰌙  "

-# Display on standard output all VPN connections, one per line. An
-# active VPN connection is prefixed with `ACTIVE_PREFIX` and an inactive
-# one is prefixed with `INACTIVE_PREFIX`.
+for cmd in nmcli walker notify-send; do
+    command -v "$cmd" >/dev/null 2>&1 || {
+        echo "Error: '$cmd' not found" >&2
+        exit 1
+    }
+done
+
+# List all VPN and WireGuard connections with active/inactive prefix.
 function list_vpn_connections() {
    nmcli --get-values ACTIVE,NAME,TYPE connection show \
-        | grep ':vpn$' \
+        | grep -E ':(vpn|wireguard)$' \
        | sed \
              -e "s/^no:/${INACTIVE_PREFIX}/" \
              -e "s/^yes:/${ACTIVE_PREFIX}/" \
-              -e 's/:vpn$//'
+              -e 's/:\(vpn\|wireguard\)$//'
 }

-# Take a line as displayed by `list_vpn_connections()` as argument and
-# use nmcli to toggle the corresponding connection.
+# Remove the known prefix to extract the bare connection name.
+function extract_connection_name() {
+    local result="$1"
+    result="${result#"$ACTIVE_PREFIX"}"
+    result="${result#"$INACTIVE_PREFIX"}"
+    echo "$result"
+}
+
+# Connect a VPN and notify the result.
+# Requires nm-applet (or another NM secret agent) for interactive auth.
+function connect_vpn() {
+    local connection="$1"
+    local feedback
+
+    if feedback=$(nmcli connection up "$connection" 2>&1); then
+        notify-send "VPN" "Connected to '$connection'"
+    else
+        notify-send -u critical "VPN" "Connection failed: $feedback"
+    fi
+}
+
+# Disconnect a VPN and notify the result.
+function disconnect_vpn() {
+    local connection="$1"
+    local feedback
+
+    if feedback=$(nmcli connection down "$connection" 2>&1); then
+        notify-send "VPN" "Disconnected from '$connection'"
+    else
+        notify-send -u critical "VPN" "Disconnect failed: $feedback"
+    fi
+}
+
+# Toggle the VPN connection based on its current state.
 function toggle_vpn_connection() {
    local result="$1"
    local connection

-    connection=$(extract_connection_name_from_result "${result}")
+    connection=$(extract_connection_name "$result")

-    if [[ $result = ${ACTIVE_PREFIX}* ]]; then
-        feedback=$(nmcli connection down "$connection")
-        notify-send "VPN Status '$connection'" "$feedback"
+    if [[ $result = "${ACTIVE_PREFIX}"* ]]; then
+        disconnect_vpn "$connection"
    else
-        foot -a="vpn-prompt" -T="VPN Connection" nmcli connection --ask up "$connection"
-        #feedback=$(nmcli connection up "$connection")
-        notify-send "VPN Status '$connection'" "Trying to connect"
+        connect_vpn "$connection"
    fi
+
+    pkill -RTMIN+9 waybar 2>/dev/null
 }

-# Take a line as displayed by `list_vpn_connections()` as argument and
-# remove `ACTIVE_PREFIX` or `INACTIVE_PREFIX` to only display the
-# connection name.
-function extract_connection_name_from_result() {
-    local result="$1"
-
-    # I don't know how to use plain bash to remove the prefix so I'm
-    # using sed:
-    # shellcheck disable=SC2001
-    sed -e 's/^.* \([^ ]\+\)$/\1/' <<< "$result"
-}
-
-# Execute the `rofi` command. The first argument of the function is
-# used as lines to select from.
-function start_rofi() {
+# Show the VPN picker using Walker.
+function pick_connection() {
    local content="$1"
    echo -e "$content" | walker -d -p "󰖂  VPN"
 }

-# List the VPN connections and let the user toggle one using rofi.
 function main() {
    local connections
    local result

    connections=$(list_vpn_connections)
-    result=$(start_rofi "$connections")

-    if [ -n "$result" ]; then
+    if [[ -z "$connections" ]]; then
+        notify-send "VPN" "No VPN connections configured"
+        exit 0
+    fi
+
+    result=$(pick_connection "$connections")
+
+    if [[ -n "$result" ]]; then
        toggle_vpn_connection "$result"
-    else
-        exit 1
    fi
 }