@PixelKhaos (Contributor) commented Sep 24, 2025

Fairly straightforward, optional toggle for using wireguard, netbird, tailscale VPN, using [provider] [up|down] on toggles and ip link show to list whether connections are available or not whenever a network change occurs.
Including toasts for connecting/disconnecting, and whenever shell starts.

pkexec is used for the auth for wireguard, I did set up a polkit rule for a session, otherwise it asked for a password on every toggle.
No getting around wg-quick being root.

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.policykit.exec" &&
        subject.isInGroup("wheel")) {
        var command = action.lookup("command_line");
        if (command && (command.indexOf("wg-quick") >= 0)) {
            return polkit.Result.YES;
        }
    }
});

Edit: polkit rule adjusted to Result.YES

Updated for providers to be user configured, shortform allowed to use defaults.

A simple setup of using any predefined one, like warp can be;

"vpn": {
   "enabled": true,
   "provider": ["warp"]
}

or as custom as;

        "vpn": {
            "enabled": true,
            "provider": [
                {
                    "name": "wireguard",
                    "interface": "torguard",
                    "displayName": "Wireguard (Torguard)",
                    "connectCmd": ["pkexec", "wg-quick", "up", "torguard"],
                    "disconnectCmd": ["pkexec", "wg-quick", "down", "torguard"]
                }
            ]
        }
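
A narrower variant of the polkit rule in the comment above, as an added example that is not part of the PR: it answers YES only when the resolved program is wg-quick and the arguments are exactly `up` or `down` plus a listed tunnel, rather than whenever the command line contains "wg-quick". The `/usr/bin/wg-quick` path, the `ALLOWED_TUNNELS` list and the `fake*` helpers are assumptions for illustration.

```javascript
// Added example, not the PR's rule. Assumed: wg-quick is installed at
// /usr/bin/wg-quick and pkexec passes the resolved path in "program" and
// as the first token of "command_line".
var WG_QUICK = "/usr/bin/wg-quick";
var ALLOWED_TUNNELS = ["torguard"]; // tunnel name taken from the config example

// True only for "wg-quick up|down <listed tunnel>" requested from an active
// local session by a member of wheel.
function allowsWgQuick(action, subject) {
    if (action.id !== "org.freedesktop.policykit.exec") return false;
    if (!subject.isInGroup("wheel") || !subject.local || !subject.active) return false;
    if (action.lookup("program") !== WG_QUICK) return false;
    var argv = String(action.lookup("command_line") || "").split(" ");
    return argv.length === 3 &&
        argv[0] === WG_QUICK &&
        (argv[1] === "up" || argv[1] === "down") &&
        ALLOWED_TUNNELS.indexOf(argv[2]) >= 0;
}

// Constructed stand-ins for polkit's action/subject objects, for dry runs.
function fakeAction(program, commandLine) {
    var details = { program: program, command_line: commandLine };
    return { id: "org.freedesktop.policykit.exec",
             lookup: function (key) { return details[key]; } };
}
function fakeSubject(groups, local, active) {
    return { local: local, active: active,
             isInGroup: function (g) { return groups.indexOf(g) >= 0; } };
}

if (typeof polkit !== "undefined") {
    // Inside polkitd: answer YES for the narrow case, otherwise return
    // nothing so later rules and the action's defaults still apply.
    polkit.addRule(function (action, subject) {
        if (allowsWgQuick(action, subject)) return polkit.Result.YES;
    });
} else {
    // Under node: print decisions for constructed requests.
    var user = fakeSubject(["wheel"], true, true);
    [WG_QUICK + " up torguard", WG_QUICK + " up other", WG_QUICK + " save torguard"]
        .forEach(function (cmd) {
            var ok = allowsWgQuick(fakeAction(cmd.split(" ")[0], cmd), user);
            console.log(cmd + " -> " + (ok ? "YES" : "not handled"));
        });
}
```

Requests the rule does not handle fall back to the action's default, which is the password prompt the comment describes.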

@Cleboost commented Sep 28, 2025

Do you think you can add support for netbird? It's a mesh VPN like tailscale, with netbird up & netbird down?

@PixelKhaos (Contributor Author) commented Sep 28, 2025

> Do you think you can add support for netbird? It's a mesh VPN like tailscale, with netbird up & netbird down?

I'll take a look at it, shouldn't be much harder than making a provider/tunnel variable for the actual command, since the rest of this just checks for changes in the network and if any active connections match the named tunnel defined in config or not

Edit: a little bit more involved actually it seems, but still doable :)

- Added support for netbird and tailscale providers
- Universal interface detection using ip link show
- Provider-specific privilege handling (pkexec only for wireguard)
- Updated README with VPN configuration examples

@PixelKhaos (Contributor Author)

@Cleboost Added now, works great, I like how it didn't need sudo or pkexec so I made just wireguard use that explicitly, so super smooth experience to toggle it for netbird :)

@Cleboost

It's perfect thanks :)

@AlmiWasFound

@PixelKhaos not sure if it's relatable but is it possible to add 1.1.1.1/warp in there as well? i believe there's quite a similar module in end4's configs, but please let me know :P

@AlmiWasFound

It's kinda the same, with warp-cli connect and warp-cli disconnect so yeah.

@AlmiWasFound left a comment

works great, but for wireguard you have to add in a polkit rule and it has to return as YES, not AUTH_SELF_KEEP. other than that, everything works fine!

@PixelKhaos (Contributor Author)

> works great, but for wireguard you have to add in a polkit rule and it has to return as YES, not AUTH_SELF_KEEP. other than that, everything works fine!

@AlmiWasFound Oh yeah, changed that now, not sure why but seems there was some change so I too encountered it not allowing to run it.

I have also modified this whole bit to include a mapping of some default providers, and reworked to easily just define in the shell.json as an object. Less hardcoded.

A simple setup of using any predefined one, like warp can be;

"vpn": {
   "enabled": true,
   "provider": ["warp"]
}

or as custom as;

        "vpn": {
            "enabled": true,
            "provider": [
                {
                    "name": "wireguard",
                    "interface": "torguard",
                    "displayName": "Wireguard (Torguard)",
                    "connectCmd": ["pkexec", "wg-quick", "up", "torguard"],
                    "disconnectCmd": ["pkexec", "wg-quick", "down", "torguard"]
                }
            ]
        }

It will default for most things here, but lets you override things if there would ever be any need for it, or of course, just add whatever other provider you want to use or aliases, etc.

@AlmiWasFound

Awesome! Everything works as expected! Tysm for the help, really appreciate it :D

@AlmiWasFound left a comment

comments don't work in .json files as far as I know, which causes the shell to not process/parse the code/vars in the shell.json file. correct me if I'm wrong though. everything else works fine

@PixelKhaos (Contributor Author)

> comments don't work in .json files as far as I know, which causes the shell to not process/parse the code/vars in the shell.json file. correct me if I'm wrong though. everything else works fine

Was thinking people would remove the comments, since it's not jsonc, but better to remove it altogether probably yeah.

@AlmiWasFound

yeah, prob. you have to somehow add them in at the FAQ

@soramanew (Collaborator) left a comment

Thanks for the PR! Just a few issues with style, I don't use a VPN personally so I didn't test this, but I trust that it works.

@PixelKhaos (Contributor Author)

> Thanks for the PR! Just a few issues with style, I don't use a VPN personally so I didn't test this, but I trust that it works.

Oh yeah, understandable, in general it's all working with defaults, it's a pretty straightforward check of whether configured interfaces are active or not, testing against defaults, but it doesn't depend on any complex setups. All of these were free for me to test other than wireguard, which I use myself and is the more particular one to set up.

And appreciate the feedback, pretty new to QML so there's some things I have to unlearn and get used to convention wise :)
Also didn't realize qml linting was defaulting to version 1.0 for some reason so had to fix that haha

@Cleboost left a comment

All work fine for me :)
I think you forgot to update the readme with new config

Comment on lines +598 to +602
{
"name": "wireguard",
"interface": "your-connection-name",
"displayName": "Wireguard (Your VPN)"
}


Suggested change
{
"name": "wireguard",
"interface": "your-connection-name",
"displayName": "Wireguard (Your VPN)"
}
{
"name": "wireguard",
"interface": "your-connection-name",
"displayName": "Wireguard (Your VPN)",
"connectCmd": ["pkexec", "wg-quick", "up", "torguard"],
"disconnectCmd": ["pkexec", "wg-quick", "down", "torguard"]
}
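
Review bot: In the two lines this suggestion adds, connectCmd and disconnectCmd name the tunnel "torguard" while "interface" is still the placeholder "your-connection-name", so a config copied from the README would bring up one tunnel and watch for a different interface. Use the same placeholder in all three places, for example ["pkexec", "wg-quick", "up", "your-connection-name"], and say in the README that both command fields are optional overrides.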

Contributor Author

Well, those two extra lines are super optional, just as a way to specify outside of any of the other patterns of up/down|connect/disconnect. I would assume it would almost never be used, but wanted it supported just in case.
