waybar vpn toggler

In my daily work, I often have to connect to different servers. However, these can only be administrated from certain IP addresses. That's why I've built a little helper plugin for the waybar. With this plugin it is possible to start/stop the existing systemd unit.

you know that i like opensource? that's why i have published my work to the following gist. Have a look and use it because it's free:
https://gist.github.com/bigfreak85/537b2dfab79cc1df84757e9a50b29c14

How it works

[mermaid] flowchart TD A[Waybar Button] <-->B{vpnupdown} B -->|up| C[systemctl start openvpn-client@...] B -->|down| D[systemctl stop openvpn-client@...] B <--> |status| E[systemctl is-active openvpn-client@...] [/mermaid]

This Scripts and Config Snippets are for a little Symbol in the Waybar. If you Click on the Tunnelsymbol the OpenVPN-Client establish a Connection to the given Config (Systemd Openvpn-Client). If you do not Need the Tunnel then you can Click again on the Symbol and the VPN-Tunnel gets closed. The following moving Parts are needed:

  1. The Waybar Config Snippit
  2. The Toggle/Status Script
  3. The Polkit Rule to allow the control of the OpenVPN-Client systemd-Unit by given user (a sudo nopasswd is also possible but

not so granular and allows systemctl completly)

1. the Waybar Config Snippet:

put the following lines in your waybar config:

"custom/vpn": {
"format": "{}",
"exec": "bash /home/bigfreak/.config/sway/tools/vpnupdown status",
// "exec-if": "test -d /proc/sys/net/ipv4/conf/tun0",
"tooltip": "true",
"return-type": "json",
"interval": 1,
"on-click": "bash /home/bigfreak/.config/sway/tools/vpnupdown toggle"
},
2. The Toggle/Status Script
# ******************************************************** #
#                                                          #
#                                                          #
#    vpnupdown                                             #
#                                                          #
#    By: Raffael Willems <Raffael.Willems@im-c.de>         #
#                                                          #
#    Created: 2023/12/06 13:46:41 by Raffael Willems       #
#    Updated: 2023/12/06 21:48:41 by Raffael Willems       #
#                                                          #
# ******************************************************** #

#!/bin/bash

STATUS="$(systemctl is-active openvpn-client@imc.service)"
if [ "${STATUS}" = "inactive" ]; then
  if [ $1 = 'toggle' ]; then
    systemctl start openvpn-client@imc.service
    text="{\"text\":\"󱠽 \",\"class\":\"enabled\"}"
  fi
  text="{\"text\":\"󱠾\",\"tooltip\":\"imc closed\"}"
else
  if [ $1 = 'toggle' ]; then
    systemctl stop openvpn-client@imc.service
    text="{\"text\":\"󱠾\",\"tooltip\":\"imc closed\"}"
  fi
  ADDR="$(ip -br addr show dev tun0 | awk '{ print $3 }')"
  text="{\"text\":\"󱠽 \",\"class\":\"enabled\",\"tooltip\":\"$ADDR\"}"
fi
echo $text
3. The Polkit Rule
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.systemd1.manage-units" &&
        action.lookup("unit") == "openvpn-client@imc.service" &&
        subject.user == "bigfreak") {
        return polkit.Result.YES;
    }
});

Previous Post Next Post