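# NixOS module that packages the proprietary NordVPN Linux client from the
# vendor's .deb and runs its daemon (nordvpnd) as a systemd service.
#
# Enabled via `myypo.services.custom.nordvpn.enable`. The package is marked
# unfreeRedistributable, so unfree packages must be allowed for it to evaluate.
{
  config,
  lib,
  pkgs,
  ...
}: let
  nordVpnPkg = pkgs.callPackage ({
    autoPatchelfHook,
    buildFHSEnvChroot,
    dpkg,
    fetchurl,
    lib,
    stdenv,
    sysctl,
    iptables,
    iproute2,
    procps,
    cacert,
    libnl, # Needed for 3.9.x +
    libcap_ng, # Needed for 3.9.x +
    sqlite, # Needed for 4.1.x +
    libxml2,
    libidn2,
    zlib,
    wireguard-tools,
  }: let
    pname = "nordvpn";
    version = "4.3.1";

    # Unpacks the vendor .deb and patches the ELF binaries so they resolve
    # their libraries from the Nix store.
    nordVPNBase = stdenv.mkDerivation {
      inherit pname version;

      src = fetchurl {
        # The pool path includes the "n/nordvpn/" component; the shorter
        # path without it was reported on the gist as not resolving.
        url = "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/n/nordvpn/nordvpn_${version}_amd64.deb";
        # fetchurl fails the build when the download does not match this
        # hash, so it pins the exact vendor artifact. Regenerate it from a
        # trusted download whenever `version` is bumped; do not replace it
        # with a placeholder to make the build pass.
        hash = "sha256-oFf4uxZsucAh2yW++SQRxFx8+JdL8ZsNzWqzjJ2JqUs=";
      };

      buildInputs = [libxml2 libidn2 libnl sqlite libcap_ng];
      nativeBuildInputs = [dpkg autoPatchelfHook stdenv.cc.cc.lib];

      # Prebuilt binaries: nothing to configure or compile.
      dontConfigure = true;
      dontBuild = true;

      unpackPhase = ''
        runHook preUnpack
        dpkg --extract $src .
        runHook postUnpack
      '';

      # Flatten usr/ into $out and keep the package's var/ and etc/ trees.
      installPhase = ''
        runHook preInstall
        mkdir -p $out
        mv usr/* $out/
        mv var/ $out/
        mv etc/ $out/
        runHook postInstall
      '';
    };

    # Wraps the daemon in an FHS chroot environment so that it finds its
    # helper tools at conventional paths.
    nordVPNfhs = buildFHSEnvChroot {
      name = "nordvpnd";
      runScript = "nordvpnd";

      # hardcoded path to /sbin/ip
      targetPkgs = pkgs: [
        sqlite # Needed for 4.1.x +
        nordVPNBase
        sysctl
        iptables
        iproute2
        procps
        cacert
        libnl # Needed for 3.9.x +
        libcap_ng # Needed for 3.9.x +
        libxml2
        libidn2
        zlib
        wireguard-tools
      ];
    };
  in
    # Final package: the CLI comes straight from the unpacked .deb, the
    # daemon from the FHS wrapper.
    stdenv.mkDerivation {
      inherit pname version;

      dontUnpack = true;
      dontConfigure = true;
      dontBuild = true;

      installPhase = ''
        runHook preInstall
        mkdir -p $out/bin $out/share
        ln -s ${nordVPNBase}/bin/nordvpn $out/bin
        ln -s ${nordVPNfhs}/bin/nordvpnd $out/bin
        ln -s ${nordVPNBase}/share/* $out/share/
        ln -s ${nordVPNBase}/var $out/
        runHook postInstall
      '';

      meta = with lib; {
        description = "CLI client for NordVPN";
        homepage = "https://www.nordvpn.com";
        license = licenses.unfreeRedistributable;
        maintainers = with maintainers; [dr460nf1r3];
        platforms = ["x86_64-linux"];
      };
    }) {};
in
  with lib; {
    options.myypo.services.custom.nordvpn.enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Whether to enable the NordVPN daemon. Note that you'll have to set
        `networking.firewall.checkReversePath = false;`, add UDP 1194
        and TCP 443 to the list of allowed ports in the firewall and add your
        user to the "nordvpn" group (`users.users.<username>.extraGroups`).
      '';
    };

    config = mkIf config.myypo.services.custom.nordvpn.enable {
      # Disables the NixOS firewall's reverse-path filter on every interface,
      # not only the VPN tunnel, which removes a check against spoofed source
      # addresses.
      # NOTE(review): the option also accepts "loose"; confirm whether the
      # client works with that before keeping the filter fully off.
      networking.firewall.checkReversePath = false;

      environment.systemPackages = [nordVpnPkg];

      users.groups.nordvpn = {};
      # Hard-coded to the original author's account; replace with the local
      # user(s) that should be in the "nordvpn" group. Keep the list short:
      # the group is what the unit below grants access to /run/nordvpn.
      users.groups.nordvpn.members = ["myypo"];

      systemd = {
        services.nordvpn = {
          description = "NordVPN daemon.";

          # No User= is set, so the vendor daemon runs as root, and the unit
          # sets no sandboxing directives.
          # NOTE(review): any tightening needs testing against the daemon's
          # need to manage routes and firewall rules.
          serviceConfig = {
            ExecStart = "${nordVpnPkg}/bin/nordvpnd";

            # Seeds /var/lib/nordvpn from the package on first start only.
            # `-m 700` applies only when mkdir creates the directory; a
            # directory that already exists keeps whatever mode it has.
            ExecStartPre = pkgs.writeShellScript "nordvpn-start" ''
              mkdir -m 700 -p /var/lib/nordvpn;
              if [ -z "$(ls -A /var/lib/nordvpn)" ]; then
                cp -r ${nordVpnPkg}/var/lib/nordvpn/* /var/lib/nordvpn;
              fi
            '';

            NonBlocking = true;
            KillMode = "process";
            Restart = "on-failure";
            RestartSec = 5;

            # /run/nordvpn is created as root:nordvpn with mode 0750, so only
            # root and members of the group can enter it (presumably where
            # the daemon places its control socket - verify).
            RuntimeDirectory = "nordvpn";
            RuntimeDirectoryMode = "0750";
            Group = "nordvpn";
          };

          wantedBy = ["multi-user.target"];
          after = ["network-online.target"];
          wants = ["network-online.target"];
        };
      };
    };
  }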
Thanks for the configs, I am new to Nixos so this was helpful.
Had to change the URL to this -> url = "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/n/nordvpn/nordvpn_${version}_amd64.deb";
I could not get meshnet to work though. Any hint?
Hey @DJmatexx apologies for the delay, I got locked out of my github. I've created the github package here: https://github.com/chomes/nix_modules/blob/main/nordvpn-module.nix
I'll now mark this as deprecated and people that want to use this should follow this link for changes.
@noelbautista91 - I've not used meshnet from nordvpn, so unfortunately I can't help you with that. Thanks for the URL correction, by the way: I checked my actual nix config on my laptop and it does have the corrected URL, so I must have missed it when copying it here. Not sure why.
Deprecated
This gist is now deprecated and has moved to https://github.com/chomes/nix_modules/blob/main/nordvpn-module.nix.
Please go here for any future changes.
Why
Surprisingly to me, this gist is actually popular enough that people want to improve upon it, so I've made a GitHub repo to allow collaboration and to have any changes people would like added reviewed and merged.
I am still not very familiar with the Nix language myself, but I'll try my best to review any changes I can.
would you be willing to maintain this as a repo instead of a gist? there's some PRs i'd like to make in order to make this easier to set up. otherwise, i'll fork/transfer it myself.