Hi, yes it does work as cli; there is a set of commands that comes with the nm package called “nmcli” You would go to terminal and type nmcli connection show to see everything configured, uuid, name, etc. You can edit, remove, or create a new connection. The style is similar to: nmcli connection add [COMMON_OPTIONS] [TYPE_SPECIFIC] [OPTIONS] [IP_OPTIONS]. I must say I was very surprised my self b/c after using nm for years, I really had no idea how functional it can be from commandline.
With regard to the drop in file, NM has a conf.d folder built in the /etc/NetworkManager directory. Right now, I put a small file in there that says to turn power-management off for example. Also a dispatcher.d folder where you can specify pre-up, pre-down info. I have not needed to experiment much with specialized configs, but I know you can write scripts in bash and place then in either conf.d or dispatcher.d according to what you needed to do.
Importantly, this is something that I have on a separate distro, not Kicksecure, but nm can of course be downloaded and used on Debian with no difficulty. It works quite well with Gnome. Setting it up with the gui is really a breeze.
I will admit I have literally zero experience with dns-crypt, so am not too sure about how to set it up. But, the kicksecure networking that you linked on github would probably be able to put its config files in the main /etc/NetworkManager folder. They supply a default folder for dnsmasq that lives there, so why not dns-crypt? It would probably just be a matter of letting nm know that dns-crypt controls the dns now. @HulaHoop, I agree with you sir; I too wish to avoid involving systemd in networking. Fortunately, both systemd-networkd and systemd-resolved can easily be first disabled and then masked.
I would be happy to offer any guidance or help on setting up nm if needed
Python would be great; I remember the incident you’re referring to. That’s the whole thing with the command injection vuln where a dhcp response was faked and the result was gained root privelege, or overflows and other manner of havoc.
“By default NetworkManager uses its internal DHCP client. The internal DHCPv4 plugin is based on the nettools’ n-dhcp4 library, while the internal DHCPv6 plugin is made from code based on systemd-networkd.”
Question: is an additional package for DHCP really needed here?
Nm likes (for dhcp assignment) to call the /sbin/dhclient/ script. Then, that script runs and in turn tells nm-dhcp-helper which takes over from there. My question is would it be hard to tell dhcpanon to deal with nm directly or would it take the place of dhclient and then communicate with nm-dhcp-helper?
Preferably, none but this wouldn’t be the most usable. DHCP is unencrypted and unauthenticated, making it vulnerable to MITM attacks. It can also leak certain identifiers like the hostname but dhcpcanon should solve these.
Tails has an issue on using dhcpcanon but it has no activity.
We could maybe create a script to automatically set up a static IP but this would be far more error-prone than DHCP.
Not sure that’s doable. Gets a lot more complex. An either DHCP or static wizard implementation would require a script. Generating the configuration files using a script makes the whole thing rather functional. While a DHCP implementation could be purely declarative (only config files).
Related to Focus on low-effort maintainability.
Then also CLI vs XFCE support. Must work in CLI somehow too. Think: server support. Using an ISO to install a server. In that case broken DHCP or any setup questions are even worse.
But it’s rather theoretic as we don’t even have a simple network manager / DHCP implementation yet, nobody yet signing up working on that, and missing other major parts such as kicksecure homepage, forums, iso, etc.
It definitely does, thank you!
It looks like 2 options: to use the python api for nm and have dhcpanon talk to nm directly, or to have the dhcpanon call nm-dhcp-helper script and communicate with nm via dbus and the helper script.