From 9498c8f44321f61d6698bc275abc4e1d6141b18c Mon Sep 17 00:00:00 2001
From: volth
Date: Thu, 21 Mar 2019 12:23:12 +0000
Subject: [PATCH] captive-browser: init at 2019-04-14
---
 nixos/modules/module-list.nix | 1 +
 nixos/modules/programs/captive-browser.nix | 108 ++++++++++++++++++
 .../browsers/captive-browser/default.nix | 14 +++
 pkgs/top-level/all-packages.nix | 2 +
 4 files changed, 125 insertions(+)
 create mode 100644 nixos/modules/programs/captive-browser.nix
 create mode 100644 pkgs/applications/networking/browsers/captive-browser/default.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index e9a5b8b9445d..9ba4eb5fe86e 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -90,6 +90,7 @@
 ./programs/bcc.nix
 ./programs/blcr.nix
 ./programs/browserpass.nix
+ ./programs/captive-browser.nix
 ./programs/ccache.nix
 ./programs/cdemu.nix
 ./programs/chromium.nix
diff --git a/nixos/modules/programs/captive-browser.nix b/nixos/modules/programs/captive-browser.nix
new file mode 100644
index 000000000000..9765a5fa3df7
--- /dev/null
+++ b/nixos/modules/programs/captive-browser.nix
@@ -0,0 +1,108 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.programs.captive-browser;
+in
+{
+ ###### interface
+
+ options = {
+ programs.captive-browser = {
+ enable = mkEnableOption "captive browser";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.captive-browser;
+ };
+
+ interface = mkOption {
+ type = types.str;
+ description = "your public network interface (wlp3s0, wlan0, eth0, ...)";
+ };
+
+ # the options below are the same as in "captive-browser.toml"
+ browser = mkOption {
+ type = types.str;
+ default = concatStringsSep " " [ ''${pkgs.chromium}/bin/chromium''
+ ''--user-data-dir=$HOME/.chromium-captive''
+ ''--proxy-server="socks5://$PROXY"''
+ ''--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE localhost"''
+ ''--no-first-run''
+ ''--new-window''
+ ''--incognito''
+ ''http://cache.nixos.org/''
+ ];
+ description = ''
+ the shell (/bin/sh) command executed once the proxy starts.
+ When browser exits, the proxy exits. An extra env var PROXY is available.
+
+ Here, we use a separate Chrome instance in Incognito mode, so that
+ it can run (and be waited for) alongside the default one, and that
+ it maintains no state across runs. To configure this browser open a
+ normal window in it, settings will be preserved.
+
+ @volth: chromium is to open a plain HTTP (not HTTPS nor redirect to HTTPS!) website.
+ upstream uses http://example.com but I have seen captive portals whose DNS server resolves "example.com" to 127.0.0.1
+ '';
+ };
+
+ dhcp-dns = mkOption {
+ type = types.str;
+ description = ''
+ the shell (/bin/sh) command executed to obtain the DHCP
+ DNS server address. The first match of an IPv4 regex is used.
+ IPv4 only, because let's be real, it's a captive portal.
+ '';
+ };
+
+ socks5-addr = mkOption {
+ type = types.str;
+ default = "localhost:1666";
+ description = ''the listen address for the SOCKS5 proxy server'';
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ programs.captive-browser.dhcp-dns = mkOptionDefault (
+ if config.networking.networkmanager.enable then
+ "${pkgs.networkmanager}/bin/nmcli dev show ${escapeShellArg cfg.interface} | ${pkgs.gnugrep}/bin/fgrep IP4.DNS"
+ else if config.networking.dhcpcd.enable then
+ "${pkgs.dhcpcd}/bin/dhcpcd -U ${escapeShellArg cfg.interface} | ${pkgs.gnugrep}/bin/fgrep domain_name_servers"
+ else if config.networking.useNetworkd then
+ "${cfg.package}/bin/systemd-networkd-dns ${escapeShellArg cfg.interface}"
+ else
+ "${config.security.wrapperDir}/udhcpc --quit --now -f -i ${escapeShellArg cfg.interface} -O dns --script ${
+ pkgs.writeScript "udhcp-script" ''
+ #!/bin/sh
+ if [ "$1" = bound ]; then
+ echo "$dns"
+ fi
+ ''}"
+ );
+
+ security.wrappers.udhcpc = {
+ capabilities = "cap_net_raw+p";
+ source = "${pkgs.busybox}/bin/udhcpc";
+ };
+
+ security.wrappers.captive-browser = {
+ capabilities = "cap_net_raw+p";
+ source = pkgs.writeScript "captive-browser" ''
+ #!${pkgs.bash}/bin/bash
+ export XDG_CONFIG_HOME=${pkgs.writeTextDir "captive-browser.toml" ''
+ browser = """${cfg.browser}"""
+ dhcp-dns = """${cfg.dhcp-dns}"""
+ socks5-addr = """${cfg.socks5-addr}"""
+ bind-device = """${cfg.interface}"""
+ ''}
+ exec ${cfg.package}/bin/captive-browser
+ '';
+ };
+ };
+}
diff --git a/pkgs/applications/networking/browsers/captive-browser/default.nix b/pkgs/applications/networking/browsers/captive-browser/default.nix
new file mode 100644
index 000000000000..13d1de7fa0e8
--- /dev/null
+++ b/pkgs/applications/networking/browsers/captive-browser/default.nix
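Review bot: `security.wrappers.udhcpc` in `captive-browser.nix` is created whenever the module is enabled, although only the final `else` branch of the `dhcp-dns` default calls it, so NetworkManager, dhcpcd and networkd hosts get a `cap_net_raw+p` wrapper around a general-purpose DHCP client that nothing uses. The wrapper declares no owner, group or permission limit and udhcpc accepts a caller-supplied `--script` (the default command passes one), so it is worth confirming which local users can run it and whether the capability reaches that script. I would guard it with the conditions of the branch that needs it, `security.wrappers.udhcpc = mkIf (!config.networking.networkmanager.enable && !config.networking.dhcpcd.enable && !config.networking.useNetworkd) { … };`, and put a comment on both wrappers stating why `cap_net_raw` is required. The same inheritance question applies to `security.wrappers.captive-browser`, whose script execs captive-browser, which per the option description then runs the `browser` command.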
@@ -0,0 +1,14 @@
+{ fetchFromGitHub, buildGoPackage }:
+
+buildGoPackage rec {
+ name = "captive-browser";
+ version = "2019-04-14";
+ goPackagePath = name;
+
+ src = fetchFromGitHub {
+ owner = "FiloSottile";
+ repo = "captive-browser";
+ rev = "b96bd8a2aca14505cf8432935ee9add15ec39a57";
+ sha256 = "1k7r7rckb81m11hr6nzw3w8wx76hbl4740xg4818vdm5py1hv5ij";
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index e70651de84ca..78cab631bc43 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -9729,6 +9729,8 @@ in
 capnproto = callPackage ../development/libraries/capnproto { };
+ captive-browser = callPackage ../applications/networking/browsers/captive-browser { };
+
 ndn-cxx = callPackage ../development/libraries/ndn-cxx { };
 cddlib = callPackage ../development/libraries/cddlib {};
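Review bot: The derivation in `captive-browser/default.nix` has no `meta` attribute, so a package that the module installs behind a `cap_net_raw` wrapper carries no description, homepage, license or maintainer to route updates and security reports to. I would add a `meta` block with those four fields, pointing `homepage` at the `FiloSottile/captive-browser` repository already named in `src`. As a style point, `version` is declared but does not appear to be part of `name`, so the store path will not show which pinned `rev` is installed; `name = "captive-browser-${version}";` would fix that, with `goPackagePath` then set to the literal `"captive-browser"` instead of `name`.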