From ec3fa96850ff534a241f7ebf2e4cdc13efdf3891 Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Thu, 14 May 2026 10:58:38 +0100 Subject: feat(waybar): snx-rs VPN status indicator + click toggle New custom/snx-vpn module sits next to custom/vpn (the wireguard one): - snx-vpn-status.sh shells out to `snxctl status` (timeout 2s) and maps the output to three states: down (grey strikethrough), connecting/MFA (amber), up (green). Tooltip shows the full status block when up. - snx-vpn-toggle.sh disconnects when up, runs snxctl-chromium detached when down (so SAML lands in the flatpak ungoogled-chromium without blocking waybar). Both paths refresh the module via SIGRTMIN+9. --- dot_config/waybar/config.jsonc | 9 +++++++++ dot_config/waybar/executable_snx-vpn-status.sh | 20 ++++++++++++++++++ dot_config/waybar/executable_snx-vpn-toggle.sh | 28 ++++++++++++++++++++++++++ 3 files changed, 57 insertions(+) create mode 100644 dot_config/waybar/executable_snx-vpn-status.sh create mode 100644 dot_config/waybar/executable_snx-vpn-toggle.sh diff --git a/dot_config/waybar/config.jsonc b/dot_config/waybar/config.jsonc index e5ea09b..80eb560 100644 --- a/dot_config/waybar/config.jsonc +++ b/dot_config/waybar/config.jsonc @@ -10,6 +10,7 @@ "temperature", "custom/memory", "custom/vpn", + "custom/snx-vpn", "network#bond", "custom/dock", "battery", @@ -119,6 +120,14 @@ "on-click": "~/.config/waybar/vpn-toggle.sh", }, + "custom/snx-vpn": { + "exec": "~/.config/waybar/snx-vpn-status.sh", + "return-type": "json", + "interval": 5, + "signal": 9, + "on-click": "~/.config/waybar/snx-vpn-toggle.sh", + }, + "battery": { "format": "{icon} {capacity}%", "format-charging": "󰂄 {capacity}%", diff --git a/dot_config/waybar/executable_snx-vpn-status.sh b/dot_config/waybar/executable_snx-vpn-status.sh new file mode 100644 index 0000000..9088630 --- /dev/null +++ b/dot_config/waybar/executable_snx-vpn-status.sh @@ -0,0 +1,20 @@ +#!/bin/sh +# Waybar custom/snx-vpn module: report the snx-rs (Check Point) tunnel +# state. `snxctl status` is fast (talks over a local UDS to the daemon) +# but might briefly stall during connect; cap it with `timeout`. + +# Bail out if the daemon socket isn't even there (snx-rs.service stopped). +out=$(timeout 2 snxctl status 2>/dev/null) || out= + +case "$out" in + '' | *"Disconnected"*) + printf '{"text":"󰌾 SNX","class":"down","tooltip":"snx-rs disconnected — click to connect"}\n' + ;; + *"Connecting"* | *"MFA pending"*) + printf '{"text":"󰌾 SNX…","class":"connecting","tooltip":"%s"}\n' "$(echo "$out" | head -1)" + ;; + *) + tooltip=$(echo "$out" | sed 's/"/\\"/g' | awk 'BEGIN{ORS="\\n"}{print}') + printf '{"text":"󰌾 SNX","class":"up","tooltip":"%s"}\n' "$tooltip" + ;; +esac diff --git a/dot_config/waybar/executable_snx-vpn-toggle.sh b/dot_config/waybar/executable_snx-vpn-toggle.sh new file mode 100644 index 0000000..f42690d --- /dev/null +++ b/dot_config/waybar/executable_snx-vpn-toggle.sh @@ -0,0 +1,28 @@ +#!/bin/sh +# Toggle the snx-rs (Check Point) tunnel. Connect goes through the +# snxctl-chromium wrapper so SAML lands in the flatpak ungoogled +# chromium (LibreWolf blocks the 127.0.0.1:7779 callback). +# +# Refresh the waybar custom/snx-vpn module immediately with SIGRTMIN+9. +set -eu + +state=$(timeout 2 snxctl status 2>/dev/null || echo Disconnected) + +case "$state" in + *"Disconnected"*) + # Detach so waybar doesn't block waiting for SAML. The inner script + # re-signals waybar when the connect attempt finishes so the badge + # flips immediately to its final state. + # shellcheck disable=SC2016 + setsid -f sh -c ' + "$HOME/.local/bin/snxctl-chromium" >/tmp/snxctl-chromium.log 2>&1 + pid=$(pidof waybar) && kill -SIGRTMIN+9 $pid 2>/dev/null || true + ' + ;; + *) + snxctl disconnect >/dev/null 2>&1 || true + ;; +esac + +pid=$(pidof waybar || true) +[ -n "$pid" ] && kill -SIGRTMIN+9 "$pid" 2>/dev/null || true -- cgit v1.3.1