flake-update-20260201
 1#!/usr/bin/env bash
 2# Connect to RedHat VPN
 3# This will ask for which VPN to connect (using available tools) and
 4# do some magic
 5set -e
 6
 7# Detect desktop environment and available tools
 8DESKTOP="${XDG_CURRENT_DESKTOP:-}"
 9GRAPHICS=1
10
11# Check if running in a graphical environment
12if [[ "$DESKTOP" != "sway" && "$DESKTOP" != "niri" ]]; then
13	if ! command -v xset &>/dev/null; then
14		GRAPHICS=0
15	elif ! timeout 1s xset q &>/dev/null; then
16		GRAPHICS=0
17	fi
18fi
19
20# Select VPN connection based on environment
21if [[ GRAPHICS -eq 0 ]]; then
22	# Terminal: use fzf
23	connection="$(nmcli connection show | grep vpn | fzf)"
24elif [[ "$DESKTOP" == "sway" || "$DESKTOP" == "niri" ]]; then
25	# Wayland compositors (Sway/Niri): use fuzzel
26	connection="$(nmcli connection show | grep vpn | awk '{print $1, $2, $3, $4}' | fuzzel --dmenu --prompt "VPN: ")"
27else
28	# X11: use zenity
29	connection="$(nmcli connection show | grep vpn | zenity --list --title "Red Hat VPNs" --text "Choose your VPN.." --column "Name" --width=600 --height=450)"
30fi
31NOTIFY_CMD="notify-send"
32if [[ GRAPHICS -eq 0 ]]; then
33	NOTIFY_CMD="echo"
34fi
35
36uuid=$(echo "${connection}" | awk '{print $4}')
37name=$(echo "${connection}" | awk '{print $1 $2 $3}')
38VPNSTATUS=$(nmcli connection show --active "$uuid" | wc -l)
39if [ "$VPNSTATUS" == "0" ]; then
40	key=$(authkey)
41	passfile=$(mktemp)
42
43	echo -n "vpn.secrets.password:" >"$passfile"
44	passage show redhat/vpn/pass | tr -d '\r\n' 2>/dev/null >>"$passfile"
45	# gpg --decrypt $HOME/sync/naruhodo.pass.gpg 2>/dev/null >>"$passfile"
46	echo -n "${key}" >>"$passfile"
47
48	nmcli connection up "${uuid}" passwd-file "$passfile"
49	rm "$passfile"
50	$NOTIFY_CMD "VPN ${name} is connected." "You are now connected to the Red Hat VPN, let's work !"
51else
52	$NOTIFY_CMD "VPN ${name} is already connected." "You are already connected to the Red Hat VPN, let's work !"
53fi
54# Ask for kerberos password if klist returns an error (no creds)
55kinit vdemeest@IPA.REDHAT.COM <<<"$(passage show redhat/ldap/vdemeest)"
56# gpg --decrypt $HOME/sync/pass.gpg 2>/dev/null | kinit vdemeest@REDHAT.COM
57# if ! [[ GRAPHICS -eq 0 ]]; then
58#     klist || {
59#         zenity --password --title="Kerberos password" | kinit vdemeest@REDHAT.COM
60#     }
61# fi