nevaforget
1e19f08776
Audit fixes for command injection risks in helper scripts: - moonarch-cpugov: eval for quoted COMMANDS expansion (pkexec context) - moonarch-btnote: while+read with process substitution, quoted vars - moonarch-vpn: -- guard before connection name in nmcli calls - post-install.sh: else-logging when USER_DEFAULTS dir missing
104 lines
2.7 KiB
Bash
Executable File
104 lines
2.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# ABOUTME: Walker-dmenu VPN connection manager using NetworkManager (nmcli).
|
|
# ABOUTME: Lists VPN/WireGuard connections and toggles them on/off with notifications.
|
|
|
|
# Based on rofi-vpn by Damien Cassou <damien@cassou.me>
|
|
# https://gitlab.com/DamienCassou/rofi-vpn
|
|
# Licensed under GPL-3.0-or-later
|
|
|
|
# Prefixes for active/inactive VPN connections (Nerd Font icons):
|
|
ACTIVE_PREFIX=" "
|
|
INACTIVE_PREFIX=" "
|
|
|
|
for cmd in nmcli walker notify-send; do
|
|
command -v "$cmd" >/dev/null 2>&1 || {
|
|
echo "Error: '$cmd' not found" >&2
|
|
exit 1
|
|
}
|
|
done
|
|
|
|
# List all VPN and WireGuard connections with active/inactive prefix.
|
|
function list_vpn_connections() {
|
|
nmcli --get-values ACTIVE,NAME,TYPE connection show \
|
|
| grep -E ':(vpn|wireguard)$' \
|
|
| sed \
|
|
-e "s/^no:/${INACTIVE_PREFIX}/" \
|
|
-e "s/^yes:/${ACTIVE_PREFIX}/" \
|
|
-e 's/:\(vpn\|wireguard\)$//'
|
|
}
|
|
|
|
# Remove the known prefix to extract the bare connection name.
|
|
function extract_connection_name() {
|
|
local result="$1"
|
|
result="${result#"$ACTIVE_PREFIX"}"
|
|
result="${result#"$INACTIVE_PREFIX"}"
|
|
echo "$result"
|
|
}
|
|
|
|
# Connect a VPN and notify the result.
|
|
# Requires nm-applet (or another NM secret agent) for interactive auth.
|
|
function connect_vpn() {
|
|
local connection="$1"
|
|
local feedback
|
|
|
|
if feedback=$(nmcli connection up -- "$connection" 2>&1); then
|
|
notify-send "VPN" "Connected to '$connection'"
|
|
else
|
|
notify-send -u critical "VPN" "Connection failed: $feedback"
|
|
fi
|
|
}
|
|
|
|
# Disconnect a VPN and notify the result.
|
|
function disconnect_vpn() {
|
|
local connection="$1"
|
|
local feedback
|
|
|
|
if feedback=$(nmcli connection down -- "$connection" 2>&1); then
|
|
notify-send "VPN" "Disconnected from '$connection'"
|
|
else
|
|
notify-send -u critical "VPN" "Disconnect failed: $feedback"
|
|
fi
|
|
}
|
|
|
|
# Toggle the VPN connection based on its current state.
|
|
function toggle_vpn_connection() {
|
|
local result="$1"
|
|
local connection
|
|
|
|
connection=$(extract_connection_name "$result")
|
|
|
|
if [[ $result = "${ACTIVE_PREFIX}"* ]]; then
|
|
disconnect_vpn "$connection"
|
|
else
|
|
connect_vpn "$connection"
|
|
fi
|
|
|
|
pkill -RTMIN+9 waybar 2>/dev/null
|
|
}
|
|
|
|
# Show the VPN picker using Walker.
|
|
function pick_connection() {
|
|
local content="$1"
|
|
echo -e "$content" | walker -d -p " VPN"
|
|
}
|
|
|
|
function main() {
|
|
local connections
|
|
local result
|
|
|
|
connections=$(list_vpn_connections)
|
|
|
|
if [[ -z "$connections" ]]; then
|
|
notify-send "VPN" "No VPN connections configured"
|
|
exit 0
|
|
fi
|
|
|
|
result=$(pick_connection "$connections")
|
|
|
|
if [[ -n "$result" ]]; then
|
|
toggle_vpn_connection "$result"
|
|
fi
|
|
}
|
|
|
|
main
|