Created
August 14, 2024 15:36
-
-
Save myypo/31c52196f7987ef62f54092cb07aefd7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| config, | |
| lib, | |
| pkgs, | |
| ... | |
| }: let | |
| nordVpnPkg = pkgs.callPackage ({ | |
| autoPatchelfHook, | |
| buildFHSEnvChroot, | |
| dpkg, | |
| fetchurl, | |
| lib, | |
| stdenv, | |
| sysctl, | |
| iptables, | |
| iproute2, | |
| procps, | |
| cacert, | |
| libxml2, | |
| libidn2, | |
| zlib, | |
| wireguard-tools, | |
| }: let | |
| pname = "nordvpn"; | |
| version = "3.18.3"; | |
| nordVPNBase = stdenv.mkDerivation { | |
| inherit pname version; | |
| src = fetchurl { | |
| url = "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/nordvpn_${version}_amd64.deb"; | |
| hash = "sha256-pCveN8cEwEXdvWj2FAatzg89fTLV9eYehEZfKq5JdaY="; | |
| }; | |
| buildInputs = [libxml2 libidn2]; | |
| nativeBuildInputs = [dpkg autoPatchelfHook stdenv.cc.cc.lib]; | |
| dontConfigure = true; | |
| dontBuild = true; | |
| unpackPhase = '' | |
| runHook preUnpack | |
| dpkg --extract $src . | |
| runHook postUnpack | |
| ''; | |
| installPhase = '' | |
| runHook preInstall | |
| mkdir -p $out | |
| mv usr/* $out/ | |
| mv var/ $out/ | |
| mv etc/ $out/ | |
| runHook postInstall | |
| ''; | |
| }; | |
| nordVPNfhs = buildFHSEnvChroot { | |
| name = "nordvpnd"; | |
| runScript = "nordvpnd"; | |
| # hardcoded path to /sbin/ip | |
| targetPkgs = pkgs: [ | |
| nordVPNBase | |
| sysctl | |
| iptables | |
| iproute2 | |
| procps | |
| cacert | |
| libxml2 | |
| libidn2 | |
| zlib | |
| wireguard-tools | |
| ]; | |
| }; | |
| in | |
| stdenv.mkDerivation { | |
| inherit pname version; | |
| dontUnpack = true; | |
| dontConfigure = true; | |
| dontBuild = true; | |
| installPhase = '' | |
| runHook preInstall | |
| mkdir -p $out/bin $out/share | |
| ln -s ${nordVPNBase}/bin/nordvpn $out/bin | |
| ln -s ${nordVPNfhs}/bin/nordvpnd $out/bin | |
| ln -s ${nordVPNBase}/share/* $out/share/ | |
| ln -s ${nordVPNBase}/var $out/ | |
| runHook postInstall | |
| ''; | |
| meta = with lib; { | |
| description = "CLI client for NordVPN"; | |
| homepage = "https://www.nordvpn.com"; | |
| license = licenses.unfreeRedistributable; | |
| maintainers = with maintainers; [dr460nf1r3]; | |
| platforms = ["x86_64-linux"]; | |
| }; | |
| }) {}; | |
| in | |
| with lib; { | |
| options.myypo.services.custom.nordvpn.enable = mkOption { | |
| type = types.bool; | |
| default = false; | |
| description = '' | |
| Whether to enable the NordVPN daemon. Note that you'll have to set | |
| `networking.firewall.checkReversePath = false;`, add UDP 1194 | |
| and TCP 443 to the list of allowed ports in the firewall and add your | |
| user to the "nordvpn" group (`users.users.<username>.extraGroups`). | |
| ''; | |
| }; | |
| config = mkIf config.myypo.services.custom.nordvpn.enable { | |
| networking.firewall.checkReversePath = false; | |
| environment.systemPackages = [nordVpnPkg]; | |
| users.groups.nordvpn = {}; | |
| users.groups.nordvpn.members = ["myypo"]; | |
| systemd = { | |
| services.nordvpn = { | |
| description = "NordVPN daemon."; | |
| serviceConfig = { | |
| ExecStart = "${nordVpnPkg}/bin/nordvpnd"; | |
| ExecStartPre = pkgs.writeShellScript "nordvpn-start" '' | |
| mkdir -m 700 -p /var/lib/nordvpn; | |
| if [ -z "$(ls -A /var/lib/nordvpn)" ]; then | |
| cp -r ${nordVpnPkg}/var/lib/nordvpn/* /var/lib/nordvpn; | |
| fi | |
| ''; | |
| NonBlocking = true; | |
| KillMode = "process"; | |
| Restart = "on-failure"; | |
| RestartSec = 5; | |
| RuntimeDirectory = "nordvpn"; | |
| RuntimeDirectoryMode = "0750"; | |
| Group = "nordvpn"; | |
| }; | |
| wantedBy = ["multi-user.target"]; | |
| after = ["network-online.target"]; | |
| wants = ["network-online.target"]; | |
| }; | |
| }; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment