-
-
Save myypo/31c52196f7987ef62f54092cb07aefd7 to your computer and use it in GitHub Desktop.
| { | |
| config, | |
| lib, | |
| pkgs, | |
| ... | |
| }: let | |
| nordVpnPkg = pkgs.callPackage ({ | |
| autoPatchelfHook, | |
| buildFHSEnvChroot, | |
| dpkg, | |
| fetchurl, | |
| lib, | |
| stdenv, | |
| sysctl, | |
| iptables, | |
| iproute2, | |
| procps, | |
| cacert, | |
| libxml2, | |
| libidn2, | |
| zlib, | |
| wireguard-tools, | |
| }: let | |
| pname = "nordvpn"; | |
| version = "3.18.3"; | |
| nordVPNBase = stdenv.mkDerivation { | |
| inherit pname version; | |
| src = fetchurl { | |
| url = "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/nordvpn_${version}_amd64.deb"; | |
| hash = "sha256-pCveN8cEwEXdvWj2FAatzg89fTLV9eYehEZfKq5JdaY="; | |
| }; | |
| buildInputs = [libxml2 libidn2]; | |
| nativeBuildInputs = [dpkg autoPatchelfHook stdenv.cc.cc.lib]; | |
| dontConfigure = true; | |
| dontBuild = true; | |
| unpackPhase = '' | |
| runHook preUnpack | |
| dpkg --extract $src . | |
| runHook postUnpack | |
| ''; | |
| installPhase = '' | |
| runHook preInstall | |
| mkdir -p $out | |
| mv usr/* $out/ | |
| mv var/ $out/ | |
| mv etc/ $out/ | |
| runHook postInstall | |
| ''; | |
| }; | |
| nordVPNfhs = buildFHSEnvChroot { | |
| name = "nordvpnd"; | |
| runScript = "nordvpnd"; | |
| # hardcoded path to /sbin/ip | |
| targetPkgs = pkgs: [ | |
| nordVPNBase | |
| sysctl | |
| iptables | |
| iproute2 | |
| procps | |
| cacert | |
| libxml2 | |
| libidn2 | |
| zlib | |
| wireguard-tools | |
| ]; | |
| }; | |
| in | |
| stdenv.mkDerivation { | |
| inherit pname version; | |
| dontUnpack = true; | |
| dontConfigure = true; | |
| dontBuild = true; | |
| installPhase = '' | |
| runHook preInstall | |
| mkdir -p $out/bin $out/share | |
| ln -s ${nordVPNBase}/bin/nordvpn $out/bin | |
| ln -s ${nordVPNfhs}/bin/nordvpnd $out/bin | |
| ln -s ${nordVPNBase}/share/* $out/share/ | |
| ln -s ${nordVPNBase}/var $out/ | |
| runHook postInstall | |
| ''; | |
| meta = with lib; { | |
| description = "CLI client for NordVPN"; | |
| homepage = "https://www.nordvpn.com"; | |
| license = licenses.unfreeRedistributable; | |
| maintainers = with maintainers; [dr460nf1r3]; | |
| platforms = ["x86_64-linux"]; | |
| }; | |
| }) {}; | |
| in | |
| with lib; { | |
| options.myypo.services.custom.nordvpn.enable = mkOption { | |
| type = types.bool; | |
| default = false; | |
| description = '' | |
| Whether to enable the NordVPN daemon. Note that you'll have to set | |
| `networking.firewall.checkReversePath = false;`, add UDP 1194 | |
| and TCP 443 to the list of allowed ports in the firewall and add your | |
| user to the "nordvpn" group (`users.users.<username>.extraGroups`). | |
| ''; | |
| }; | |
| config = mkIf config.myypo.services.custom.nordvpn.enable { | |
| networking.firewall.checkReversePath = false; | |
| environment.systemPackages = [nordVpnPkg]; | |
| users.groups.nordvpn = {}; | |
| users.groups.nordvpn.members = ["myypo"]; | |
| systemd = { | |
| services.nordvpn = { | |
| description = "NordVPN daemon."; | |
| serviceConfig = { | |
| ExecStart = "${nordVpnPkg}/bin/nordvpnd"; | |
| ExecStartPre = pkgs.writeShellScript "nordvpn-start" '' | |
| mkdir -m 700 -p /var/lib/nordvpn; | |
| if [ -z "$(ls -A /var/lib/nordvpn)" ]; then | |
| cp -r ${nordVpnPkg}/var/lib/nordvpn/* /var/lib/nordvpn; | |
| fi | |
| ''; | |
| NonBlocking = true; | |
| KillMode = "process"; | |
| Restart = "on-failure"; | |
| RestartSec = 5; | |
| RuntimeDirectory = "nordvpn"; | |
| RuntimeDirectoryMode = "0750"; | |
| Group = "nordvpn"; | |
| }; | |
| wantedBy = ["multi-user.target"]; | |
| after = ["network-online.target"]; | |
| wants = ["network-online.target"]; | |
| }; | |
| }; | |
| }; | |
| } |
hi, a am new in nixos. how can i integrate this flake. i have flakes and home-manager
@sgremm not my gist, but: it's a nixos module. You can integrate by copying it into into your flake, import it into your configuration, then set myypo.services.custom.nordvpn.enable=true somewhere in that same configuration.
Hey all, 3.8.x is no longer in the repo so this broke my nix auto update keeping this. After doing a bit of tinkering I found that 3.9.x + was missing some library deps. I tested and built 4.0.0 on my own laptop and seems to be operating. I've forked a version of this script and posted it here https://gist.github.com/chomes/2e1b0e0f532c9fbbf25fe33e49cb8198 if you're interested in getting this working. I'm happy to delete if myypo updates with the new changes.
@chomes Hey, sounds good. I am no longer using NordVPN, so I can't maintain the snippet anymore.
This is really useful, thanks! For anyone struggling to upgrade to v3.20.1, I had to add libnl and libcap_ng to nativeBuildInputs (and of course the derivation parameter attribute set).