dotfiles

custom linux config files managed with gnu stow

dotfiles

bin/.local/bin/vpn


#!/bin/bash
#   _______._____.__________._________
#   \_    (|     /   ._     \         \
#     \    l    /    |/     /  /      /
#      \_______/    /l_____X___\______\
#            \_____/
#  ▓▓▓▓▓▓▓▓▓▓
# ░▓ author ▓ xero <x@xero.style>
# ░▓ code   ▓ https://code.x-e.ro/dotfiles
# ░▓ mirror ▓ https://git.io/.files
# ░▓▓▓▓▓▓▓▓▓▓
# ░░░░░░░░░░

#█▓▒░  dont run as root
[ "$(id -u)" -eq 0 ] && { echo "just be yourself"; exit 0; }

usage() {
	me="$(basename "$(test -L "{{&blob}}" && readlink "{{&blob}}" || echo "{{&blob}}")")"
cat <<x0
 _______._____.__________._________
 \_    (|     /   ._     \         \
   \    l    /    |/     /  /      /
    \_______/    /l_____X___\______\
           \____/
 usage: ${me} [-h|-a|-s|-d|-p|-c|-q] host
   -a|--account  : 1password account alias
   -s|--secret   : 1password secret item for login
   -d|--dns      : private ipv4 dns server
   -p|--protocol : openconnect protocol (default anyconnect)
   -c|--cert     : pinned tls cert hash
   -q|--quit     : disconnect vpn and proxy
x0
	exit 0
}

function get_login() {
	pass=$(op item get "" --fields password)
	mfa=$(op item get "" --otp)
	echo "${pass},${mfa}"
}
function get_user() {
	user=$(op item get "" --fields email)
	[ -z "$user" ] && echo "failed to get user, op signin?" && exit 1
	[[ $user =~ @ ]] && user=$(echo "$user" | sed 's/@.*//')
	echo "$user"
}
function connect() {
	user=
	login=
	host=
	dns=
	protocol=
	cert=
	[ -z "$cert" ] || cert="--servercert $cert"
	[ -z "$dns" ] || export INTERNAL_IP4_DNS=$dns
	echo "starting vpn processes"
	echo "${login}" | /usr/sbin/openconnect \
		-b -u "${user}" \
		--passwd-on-stdin \
		--protocol=${protocol} \
		${cert} \
        -S --script "vpnns --attach" \
		"${host}"
}
function disconnect() {
	echo "killing vpn processes"
	pkill openconnect
	pkill vpnns
	exit
}

function parse_arguments() {
	account=''
	secret=''
	host=''
	dns=''
	protocol='anyconnect'
	cert=''
	options=$(getopt -o ha:s:d:p:c:q -l help,account:,secret:,dns:,protocol:,cert:,quit -- "$@") || exit 1
	set -- $options
	while [ $# -gt 0 ];do
		case  in
		-h|--help) usage ;;
		-a|--account) account="${2//\'/}" ; shift;;
		-s|--secret) secret="${2//\'/}" ; shift;;
		-d|--dns) dns="${2//\'/}" ; shift;;
		-p|--protocol) protocol="${2//\'/}" ; shift;;
		-c|--cert) cert="${2//\'/}" ; shift;;
		-q|--quit) disconnect;;
		(--) host="${2//\'/}" ; shift; break;;
		(-*) echo "vpn error - unrecognized option " 1>&2; usage;;
		(*) break;;
		esac
		shift
	done
	[ -z "$host" ] && usage
	[[ "$host" =~ ^(quit|exit|disconnect)$ ]] && disconnect
	[ -z "$account" ] || account="--account ${account}"
    eval $(op signin ${account})
	echo "getting credentials"
	user="$(get_user $secret)"
	login="$(get_login $secret)"
	connect "$user" "$login" "$host" "$dns" "$protocol" "$cert"
}

# fail fast w/ proper exit codes
set -eo pipefail
# main application logic
parse_arguments "$@"

Download

raw zip tar