-
-
Save chomes/2e1b0e0f532c9fbbf25fe33e49cb8198 to your computer and use it in GitHub Desktop.
A fork of @myypo nordvpn.nix module. This allows you to install the latest version of nordvpn client. It downloads the debian package then installs it on your nixos module.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| config, | |
| lib, | |
| pkgs, | |
| ... | |
| }: let | |
| nordVpnPkg = pkgs.callPackage ({ | |
| autoPatchelfHook, | |
| buildFHSEnvChroot, | |
| dpkg, | |
| fetchurl, | |
| lib, | |
| stdenv, | |
| sysctl, | |
| iptables, | |
| iproute2, | |
| procps, | |
| cacert, | |
| libnl, # Needed for 3.9.x + | |
| libcap_ng, # Needed for 3.9.x + | |
| sqlite, # Needed for 4.1.x + | |
| libxml2, | |
| libidn2, | |
| zlib, | |
| wireguard-tools, | |
| }: let | |
| pname = "nordvpn"; | |
| version = "4.3.1"; | |
| nordVPNBase = stdenv.mkDerivation { | |
| inherit pname version; | |
| src = fetchurl { | |
| url = "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/nordvpn_${version}_amd64.deb"; | |
| hash = "sha256-oFf4uxZsucAh2yW++SQRxFx8+JdL8ZsNzWqzjJ2JqUs="; | |
| }; | |
| buildInputs = [libxml2 libidn2 libnl sqlite libcap_ng]; | |
| nativeBuildInputs = [dpkg autoPatchelfHook stdenv.cc.cc.lib]; | |
| dontConfigure = true; | |
| dontBuild = true; | |
| unpackPhase = '' | |
| runHook preUnpack | |
| dpkg --extract $src . | |
| runHook postUnpack | |
| ''; | |
| installPhase = '' | |
| runHook preInstall | |
| mkdir -p $out | |
| mv usr/* $out/ | |
| mv var/ $out/ | |
| mv etc/ $out/ | |
| runHook postInstall | |
| ''; | |
| }; | |
| nordVPNfhs = buildFHSEnvChroot { | |
| name = "nordvpnd"; | |
| runScript = "nordvpnd"; | |
| # hardcoded path to /sbin/ip | |
| targetPkgs = pkgs: [ | |
| sqlite # Needed for 4.1.x + | |
| nordVPNBase | |
| sysctl | |
| iptables | |
| iproute2 | |
| procps | |
| cacert | |
| libnl # Needed for 3.9.x + | |
| libcap_ng # Needed for 3.9.x + | |
| libxml2 | |
| libidn2 | |
| zlib | |
| wireguard-tools | |
| ]; | |
| }; | |
| in | |
| stdenv.mkDerivation { | |
| inherit pname version; | |
| dontUnpack = true; | |
| dontConfigure = true; | |
| dontBuild = true; | |
| installPhase = '' | |
| runHook preInstall | |
| mkdir -p $out/bin $out/share | |
| ln -s ${nordVPNBase}/bin/nordvpn $out/bin | |
| ln -s ${nordVPNfhs}/bin/nordvpnd $out/bin | |
| ln -s ${nordVPNBase}/share/* $out/share/ | |
| ln -s ${nordVPNBase}/var $out/ | |
| runHook postInstall | |
| ''; | |
| meta = with lib; { | |
| description = "CLI client for NordVPN"; | |
| homepage = "https://www.nordvpn.com"; | |
| license = licenses.unfreeRedistributable; | |
| maintainers = with maintainers; [dr460nf1r3]; | |
| platforms = ["x86_64-linux"]; | |
| }; | |
| }) {}; | |
| in | |
| with lib; { | |
| options.myypo.services.custom.nordvpn.enable = mkOption { | |
| type = types.bool; | |
| default = false; | |
| description = '' | |
| Whether to enable the NordVPN daemon. Note that you'll have to set | |
| `networking.firewall.checkReversePath = false;`, add UDP 1194 | |
| and TCP 443 to the list of allowed ports in the firewall and add your | |
| user to the "nordvpn" group (`users.users.<username>.extraGroups`). | |
| ''; | |
| }; | |
| config = mkIf config.myypo.services.custom.nordvpn.enable { | |
| networking.firewall.checkReversePath = false; | |
| environment.systemPackages = [nordVpnPkg]; | |
| users.groups.nordvpn = {}; | |
| users.groups.nordvpn.members = ["myypo"]; | |
| systemd = { | |
| services.nordvpn = { | |
| description = "NordVPN daemon."; | |
| serviceConfig = { | |
| ExecStart = "${nordVpnPkg}/bin/nordvpnd"; | |
| ExecStartPre = pkgs.writeShellScript "nordvpn-start" '' | |
| mkdir -m 700 -p /var/lib/nordvpn; | |
| if [ -z "$(ls -A /var/lib/nordvpn)" ]; then | |
| cp -r ${nordVpnPkg}/var/lib/nordvpn/* /var/lib/nordvpn; | |
| fi | |
| ''; | |
| NonBlocking = true; | |
| KillMode = "process"; | |
| Restart = "on-failure"; | |
| RestartSec = 5; | |
| RuntimeDirectory = "nordvpn"; | |
| RuntimeDirectoryMode = "0750"; | |
| Group = "nordvpn"; | |
| }; | |
| wantedBy = ["multi-user.target"]; | |
| after = ["network-online.target"]; | |
| wants = ["network-online.target"]; | |
| }; | |
| }; | |
| }; | |
| } |
Author
Author
Deprecated
This gist is now deprecated and has moved to https://github.com/chomes/nix_modules/blob/main/nordvpn-module.nix.
Please go here for any future changes.
Why
Suprisingly to me, this gist is actually popular enough for people to want to improve upon it, I've made a github repo to allow collaboration and have any changes that people would like to have added reviewed and merged.
I myself am still not super familiar with nixos language but I'll try my best to review any changes I can.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey @DJmatexx apologies for the delay, I got locked out of my github. I've created the github package here: https://github.com/chomes/nix_modules/blob/main/nordvpn-module.nix
I'll now mark this as deprecated and people that want to use this should follow this link for changes.
@noelbautista91 - I've not used meshnet from nordvpn so I couldn't help you on that unfortunately, btw thanks on the url correcting, I checked my actual nix config on my laptop and it does have that but I must've missed it on here. Not sure why.