Merge pull request #58036 from volth/captive-browser

nixos/programs.captive-browser: init
This commit is contained in:
Maximilian Bosch 2019-06-13 14:05:13 +02:00 committed by GitHub
commit d1990cff8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 133 additions and 0 deletions

View File

@ -91,6 +91,7 @@
./programs/bcc.nix ./programs/bcc.nix
./programs/blcr.nix ./programs/blcr.nix
./programs/browserpass.nix ./programs/browserpass.nix
./programs/captive-browser.nix
./programs/ccache.nix ./programs/ccache.nix
./programs/cdemu.nix ./programs/cdemu.nix
./programs/chromium.nix ./programs/chromium.nix

View File

@ -0,0 +1,108 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.captive-browser;
in
{
###### interface
options = {
programs.captive-browser = {
enable = mkEnableOption "captive browser";
package = mkOption {
type = types.package;
default = pkgs.captive-browser;
};
interface = mkOption {
type = types.str;
description = "your public network interface (wlp3s0, wlan0, eth0, ...)";
};
# the options below are the same as in "captive-browser.toml"
browser = mkOption {
type = types.str;
default = concatStringsSep " " [ ''${pkgs.chromium}/bin/chromium''
''--user-data-dir=$HOME/.chromium-captive''
''--proxy-server="socks5://$PROXY"''
''--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"''
''--no-first-run''
''--new-window''
''--incognito''
''http://cache.nixos.org/''
];
description = ''
the shell (/bin/sh) command executed once the proxy starts.
When browser exits, the proxy exits. An extra env var PROXY is available.
Here, we use a separate Chrome instance in Incognito mode, so that
it can run (and be waited for) alongside the default one, and that
it maintains no state across runs. To configure this browser open a
normal window in it, settings will be preserved.
@volth: chromium is to open a plain HTTP (not HTTPS nor redirect to HTTPS!) website.
upstream uses http://example.com but I have seen captive portals whose DNS server resolves "example.com" to 127.0.0.1
'';
};
dhcp-dns = mkOption {
type = types.str;
description = ''
the shell (/bin/sh) command executed to obtain the DHCP
DNS server address. The first match of an IPv4 regex is used.
IPv4 only, because let's be real, it's a captive portal.
'';
};
socks5-addr = mkOption {
type = types.str;
default = "localhost:1666";
description = ''the listen address for the SOCKS5 proxy server'';
};
};
};
###### implementation
config = mkIf cfg.enable {
programs.captive-browser.dhcp-dns = mkOptionDefault (
if config.networking.networkmanager.enable then
"${pkgs.networkmanager}/bin/nmcli dev show ${escapeShellArg cfg.interface} | ${pkgs.gnugrep}/bin/fgrep IP4.DNS"
else if config.networking.dhcpcd.enable then
"${pkgs.dhcpcd}/bin/dhcpcd -U ${escapeShellArg cfg.interface} | ${pkgs.gnugrep}/bin/fgrep domain_name_servers"
else if config.networking.useNetworkd then
"${cfg.package}/bin/systemd-networkd-dns ${escapeShellArg cfg.interface}"
else
"${config.security.wrapperDir}/udhcpc --quit --now -f -i ${escapeShellArg cfg.interface} -O dns --script ${
pkgs.writeScript "udhcp-script" ''
#!/bin/sh
if [ "$1" = bound ]; then
echo "$dns"
fi
''}"
);
security.wrappers.udhcpc = {
capabilities = "cap_net_raw+p";
source = "${pkgs.busybox}/bin/udhcpc";
};
security.wrappers.captive-browser = {
capabilities = "cap_net_raw+p";
source = pkgs.writeScript "captive-browser" ''
#!${pkgs.bash}/bin/bash
export XDG_CONFIG_HOME=${pkgs.writeTextDir "captive-browser.toml" ''
browser = """${cfg.browser}"""
dhcp-dns = """${cfg.dhcp-dns}"""
socks5-addr = """${cfg.socks5-addr}"""
bind-device = """${cfg.interface}"""
''}
exec ${cfg.package}/bin/captive-browser
'';
};
};
}

View File

@ -0,0 +1,22 @@
{ lib, fetchFromGitHub, buildGoPackage }:
buildGoPackage rec {
name = "captive-browser";
version = "2019-04-16";
goPackagePath = name;
src = fetchFromGitHub {
owner = "FiloSottile";
repo = "captive-browser";
rev = "08450562e58bf9564ee98ad64ef7b2800e53338f";
sha256 = "17icgjg7h0xm8g4yy38qjhsvlz9pmlmj9kydz01y2nyl0v02i648";
};
meta = with lib; {
description = "Dedicated Chrome instance to log into captive portals without messing with DNS settings";
homepage = https://blog.filippo.io/captive-browser;
license = licenses.mit;
platforms = platforms.linux;
maintainers = with maintainers; [ volth ];
};
}

View File

@ -10005,6 +10005,8 @@ in
capnproto = callPackage ../development/libraries/capnproto { }; capnproto = callPackage ../development/libraries/capnproto { };
captive-browser = callPackage ../applications/networking/browsers/captive-browser { };
ndn-cxx = callPackage ../development/libraries/ndn-cxx { }; ndn-cxx = callPackage ../development/libraries/ndn-cxx { };
cddlib = callPackage ../development/libraries/cddlib {}; cddlib = callPackage ../development/libraries/cddlib {};