evan/ewconfig
1
Fork 0
Code

Add script to autoconnect to guru vpn

Browse Source
This commit is contained in:
Evan Pratten 2023-10-11 11:45:01 -04:00
parent 4d837d7a1d
commit 953268f931
3 changed files with 128 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.vscode/tasks.json vendored Normal file
View File

@ -0,0 +1,13 @@
{
// See https://go.microsoft.com/fwlink/?LinkId=733558
// for the documentation about the tasks.json format
"version": "2.0.0",
"tasks": [
{
"label": "Run install script",
"type": "shell",
"command": "./install",
"problemMatcher": []
}
]
}

114
configs/scripts/guru-vpn.py Executable file
View File

@ -0,0 +1,114 @@
#! /usr/bin/env python3
import argparse
import sys
import subprocess
from typing import Optional
def has_ykman() -> bool:
try:
subprocess.run(["ykman", "--version"], check=True, stdout=subprocess.DEVNULL)
return True
except subprocess.CalledProcessError:
return False
def has_yk_plugged_in() -> bool:
devices = subprocess.run(["ykman", "list"], check=True, stdout=subprocess.PIPE)
devices = devices.stdout.decode("utf-8").split("\n")
return len(devices) > 1
def is_interface_up(interface: str) -> bool:
try:
subprocess.run(
["ip", "link", "show", interface], check=True, stdout=subprocess.DEVNULL
)
return True
except subprocess.CalledProcessError:
return False
def get_oath_code(service: str) -> Optional[int]:
response = subprocess.run(
["ykman", "oath", "accounts", "code", "Guru"],
check=True,
stdout=subprocess.PIPE,
)
output = response.stdout.decode("utf-8")
if not output:
return None
return int(output.split("\n")[0].split(" ")[-1])
def get_password(label: str, ns: str, key: str) -> str:
# Try to find it
try:
result = subprocess.run(
["secret-tool", "lookup", ns, key], check=True, stdout=subprocess.PIPE
)
return result.stdout.decode("utf-8")
except subprocess.CalledProcessError:
# If we are here, it doesn't exist
print(f"Enter your {label}")
subprocess.run(["secret-tool", "store", "--label", label, ns, key], check=True)
return get_password(label, ns, key)
def handle_connect(args: argparse.Namespace) -> int:
# If we are connected to AS54041, we need to briefly kill the connection
if is_interface_up("vpn"):
print("Bringing down AS54041 VPN")
subprocess.run(["sudo", "wg-quick", "down", "vpn"], check=True)
# Get the base password
base_password = get_password("Guru VPN Password", "guru-vpn", "base-password")
# Fetch the credentials from the Yubikey
oath_code = get_oath_code("Guru")
print(f"Using OATH code: {oath_code}")
# Construct the one-time password
password = f"{base_password}{oath_code}"
# Connect via nmcli
print("Bringing up Guru VPN")
subprocess.run(
[
"nmcli",
"connection",
"modify",
"Guru VPN",
"vpn.secrets",
f"password={password}",
],
check=True,
)
subprocess.run(["nmcli", "connection", "up", "Guru VPN"], check=True)
# Bring AS54041 back up
print("Bringing up AS54041 VPN")
subprocess.run(["sudo", "wg-quick", "up", "vpn"], check=True)
def main() -> int:
# Handle program arguments
ap = argparse.ArgumentParser(
prog="guru-vpn", description="Utility for connecting to the Guru VPN"
)
ap.add_argument("operation", choices=["connect"], help="Operation to perform")
args = ap.parse_args()
# Ensure we can actually get credentials from the Yubikey
if not has_ykman():
print("Could not execute `ykman`. Is it installed?", file=sys.stderr)
if not has_yk_plugged_in():
print("Could not find YubiKey. Is it plugged in?", file=sys.stderr)
# Handle subcommands
cmd_fns = {"connect": handle_connect}
return cmd_fns[args.operation](args)
if __name__ == "__main__":
sys.exit(main())

1
install.conf.yaml
View File

@ -62,6 +62,7 @@
~/bin/houdini-tool: configs/scripts/houdini-tool.py
~/bin/hython-latest: configs/scripts/hython-latest
~/bin/usdnc-to-usd: configs/scripts/usdnc-to-usd.py
~/bin/guru-vpn: configs/scripts/guru-vpn.py
# Systemd Services
# ~/.config/systemd/user/logid.service: configs/systemd/user/logid.service